AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
Latest AI Security Threats
Showing 20 of 225 results (filter: Critical severity)

CVE-2025-32434  PyTorch: RCE bypasses weights_only=True safe-load guard
CVE-2025-32428  jupyter-remote-desktop-proxy: VNC network exposure
CVE-2025-32375  BentoML: RCE via insecure deserialization in runner
CVE-2025-3248   Langflow: Unauth RCE via code injection endpoint
CVE-2025-27520  BentoML: unauthenticated RCE via insecure deserialization
CVE-2024-12029  InvokeAI: RCE via unsafe torch.load deserialization
CVE-2024-9052   vLLM: RCE via pickle deserialization in distributed API
CVE-2024-8019   pytorch-lightning: file upload RCE (Windows)
CVE-2024-12909  llama-index finchat: SQL injection enables RCE
CVE-2024-11958  llama-index DuckDB retriever: SQLi enables RCE
CVE-2024-9070   BentoML: unauthenticated RCE via runner deserialization
CVE-2024-9053   vllm: RCE via unsafe pickle deserialization in RPC server
CVE-2024-11041  vllm: RCE via unsafe pickle deserialization in MessageQueue
CVE-2025-29783  vLLM: RCE via unsafe deserialization in Mooncake KV
CVE-2025-1550   Keras: safe_mode bypass enables RCE via model loading
CVE-2025-1945   picklescan: ZIP flag bypass enables RCE in PyTorch models
CVE-2025-25362  spacy-llm: SSTI allows unauthenticated RCE (CVSS 9.8)
CVE-2023-25574  JupyterHub LTI13: JWT forgery enables full auth bypass
CVE-2024-12366  PandasAI: prompt injection enables unauthenticated RCE
CVE-2024-52803  LlamaFactory: RCE via OS command injection in training