AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked
Critical
New This Week
In CISA KEV
Latest AI Security Threats
Showing 20 of 485 results — High severity, no patchOpen-WebUI: unauthenticated DoS via code formatter
CVE-2024-12537 H2O-3: unauthenticated AST parser enables DoS + file write
CVE-2024-10572 MLflow: CSRF in signup allows rogue account creation
CVE-2025-1473 MLflow: GraphQL DoS disables ML tracking server
CVE-2025-0453 Ollama: DoS via malicious GGUF model file upload
CVE-2025-0317 Ollama: GGUF model upload causes memory exhaustion DoS
CVE-2025-0315 Ollama: null pointer DoS via malicious GGUF model upload
CVE-2025-0312 BentoML: DoS via multipart boundary exhausts server
CVE-2024-9056 Gradio: DoS via malformed multipart boundary
CVE-2024-8966 MLflow: path traversal allows arbitrary file read via DBFS
CVE-2024-8859 ollama: divide-by-zero DoS via crafted GGUF model import
CVE-2024-8063 Open-WebUI: SSRF via unchecked OpenAI URL leaks internal secrets
CVE-2024-7959 llama-index: SQLi+DoS via prompt injection in query engine
CVE-2024-12911 Transformers: ReDoS in Nougat tokenizer causes DoS
CVE-2024-12720 llama-index: DoS via infinite loop in LangChain LLM
CVE-2024-12704 Ollama: DoS via malicious gguf model file upload
CVE-2024-12055 GPT Academic: SSRF in Markdown plugin leaks credentials
CVE-2024-11031 GPT Academic: SSRF via unsanitized HotReload plugin
CVE-2024-11030 Gradio: path traversal enables arbitrary file deletion DoS
CVE-2024-10648 Gradio: ReDoS in DateTime causes CPU exhaustion DoS
CVE-2024-10624 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial