AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
Latest AI Security Threats
Showing 50 of 978 results

CVE-2024-52524 Giskard: ReDoS in text perturbation causes DoS (no patch)
CVE-2024-52384 Sage AI Plugin: unrestricted upload → web shell RCE
CVE-2024-21799 Intel Extension for Transformers: path traversal privesc
CVE-2024-49048 TorchGeo: RCE via code injection in geospatial ML lib
CVE-2024-43598 LightGBM: heap buffer overflow enables network RCE
CVE-2024-51751 Gradio: path traversal exposes arbitrary server files
CVE-2024-48061 Langflow: RCE via unsandboxed code component execution
CVE-2024-48052 Gradio: SSRF in DownloadButton exposes internal resources
CVE-2024-39722 Ollama: path traversal exposes server filesystem
CVE-2024-39721 Ollama: DoS via /dev/random causes goroutine exhaustion
CVE-2024-39720 Ollama: OOB read in GGUF parser enables remote DoS
CVE-2024-39719 Ollama: file existence oracle via api/create errors
CVE-2024-42835 Langflow: Unauthenticated RCE via PythonCodeTool
CVE-2024-48063 PyTorch: RCE via RemoteModule deserialization
CVE-2024-6581 Lollms: SVG upload XSS enables session hijack and RCE
CVE-2024-8309 LangChain GraphCypher: prompt injection enables DB wipe
CVE-2024-7774 LangChain.js: path traversal, arbitrary file read/write
CVE-2024-7042 LangChainJS: prompt injection enables full graph DB takeover
CVE-2024-48919 Cursor IDE: prompt injection triggers terminal RCE
CVE-2024-49326 Affiliator WP Plugin: Unauthenticated Web Shell Upload
CVE-2024-6985 lollms: path traversal allows arbitrary directory read
CVE-2024-6971 lollms: path traversal in RAG database functions
CVE-2024-47872 Gradio: stored XSS via malicious file upload
CVE-2024-47871 Gradio: cleartext MITM exposes ML demo data via share=True
CVE-2024-47870 Gradio: race condition enables backend URL hijacking
CVE-2024-47869 Gradio: timing attack exposes analytics dashboard auth
CVE-2024-47868 Gradio: path traversal leaks arbitrary server files
CVE-2024-47867 Gradio: no integrity check on FRP binary, supply chain RCE
CVE-2024-47168 Gradio: monitoring endpoint bypass leaks app analytics
CVE-2024-47167 Gradio: unauthenticated SSRF in /queue/join, internal pivot
CVE-2024-47166 Gradio: path traversal leaks custom component source
CVE-2024-47165 Gradio: CORS null origin bypass leaks auth tokens
CVE-2024-47164 Gradio: path traversal bypasses directory access controls
CVE-2024-47084 Gradio: CORS bypass exposes local instances to credential theft
CVE-2024-7041 open-webui: IDOR enables cross-user memory tampering
CVE-2024-7037 open-webui: path traversal → arbitrary file write/RCE
CVE-2024-7038 open-webui: filesystem enumeration via admin error messages
CVE-2024-9277 Langflow: ReDoS crashes LLM workflow backend via HTTP POST
CVE-2024-7714 AYS ChatGPT WP Plugin: auth bypass disables AI service
CVE-2024-6845 ChatGPT WP Plugin: OpenAI API key leak via unauth REST
CVE-2024-46946 LangChain-Experimental: RCE via eval in math chain
CVE-2024-8939 ilab/vllm: best_of param causes inference API DoS
CVE-2024-8768 vLLM: unauthenticated DoS via empty completion prompt
CVE-2024-5998 LangChain: RCE via FAISS pickle deserialization
CVE-2024-6587 LiteLLM: SSRF leaks OpenAI API key to attacker
CVE-2024-45848 MindsDB: RCE via eval() injection in ChromaDB INSERT
CVE-2024-45436 Ollama: ZIP path traversal exposes host filesystem
CVE-2024-42474 Streamlit: path traversal leaks Windows NTLM hash
CVE-2023-33976 TensorFlow: DoS via upper_bound rank validation crash
CVE-2024-7297 Langflow: mass assignment grants super admin access