AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked
Critical
New This Week
In CISA KEV
Latest AI Security Threats
Showing 20 of 225 results — Critical severitylangchaingo: Jinja2 SSTI allows host filesystem read
CVE-2025-9556 n8n-workflows: path traversal in download_workflow endpoint
CVE-2025-55526 ExecuTorch: OOB read in model loader enables RCE
CVE-2025-54950 ExecuTorch: integer overflow in model load → RCE
CVE-2025-30405 ExecuTorch: integer overflow RCE on model load
CVE-2025-30404 ExecuTorch: heap buffer overflow RCE via model loading
CVE-2025-54949 ExecuTorch: heap buffer overflow RCE in model loading
CVE-2025-54951 Azure OpenAI: SSRF EoP, no auth required (CVSS 10)
CVE-2025-53767 ChatGLM-Webui: arbitrary file read, no auth required
CVE-2025-45150 BentoML: unauthenticated SSRF via file upload URLs
CVE-2025-54381 LangChain GmailToolkit: indirect prompt injection to RCE
CVE-2025-46059 smolagents: sandbox escape enables unauthenticated RCE
CVE-2025-5120 Langchain-Chatchat: path traversal in KB upload
CVE-2025-6853 LLaMA-Factory: RCE via unsafe checkpoint deserialization
CVE-2025-53002 LangChain RequestsToolkit: SSRF exposes cloud metadata
CVE-2025-2828 llama_index: SQL injection in vector store integrations
CVE-2025-1793 vLLM: RCE via exposed TCPStore in distributed inference
CVE-2025-47277 browser-use: URL allowlist bypass enables SSRF in agents
CVE-2025-47241 vLLM: RCE via pickle deserialization on ZeroMQ
CVE-2025-32444 vLLM: RCE via malicious model, PyTorch < 2.6 bypass
GHSA-ggpf-24jw-3fcw Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial