AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

AI/ML CVEs Tracked: 1,604
Critical: 225
New This Week: 78
In CISA KEV: 16

Latest AI Security Threats

Showing 20 of 225 results — Critical severity
| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| CRIT | CVE-2024-52384 | Sage AI Plugin: unrestricted upload → web shell RCE | 9.9 | 0.9% | | Nov 14 |
| CRIT E | CVE-2024-48061 | Langflow: RCE via unsandboxed code component execution | 9.8 | 13.2% | langflow | Nov 4 |
| CRIT E | CVE-2024-42835 | Langflow: Unauthenticated RCE via PythonCodeTool | 9.8 | 14.3% | langflow | Oct 31 |
| CRIT E | CVE-2024-48063 | PyTorch: RCE via RemoteModule deserialization | 9.8 | 25.1% | pytorch | Oct 29 |
| CRIT E | CVE-2024-8309 | LangChain GraphCypher: prompt injection enables DB wipe | 9.8 | 2.0% | langchain | Oct 29 |
| CRIT E | CVE-2024-7774 | LangChain.js: path traversal, arbitrary file read/write | 9.1 | 0.6% | langchain.js | Oct 29 |
| CRIT E | CVE-2024-7042 | LangChainJS: prompt injection enables full graph DB takeover | 9.8 | 0.1% | langchain | Oct 29 |
| CRIT E | CVE-2024-49326 | Affiliator WP Plugin: Unauthenticated Web Shell Upload | 9.8 | 0.6% | affiliator | Oct 20 |
| CRIT | CVE-2024-47871 | Gradio: cleartext MITM exposes ML demo data via share=True | 9.1 | 0.1% | gradio | Oct 10 |
| CRIT | CVE-2024-47167 | Gradio: unauthenticated SSRF in /queue/join, internal pivot | 9.8 | 0.2% | gradio | Oct 10 |
| CRIT E | CVE-2024-46946 | LangChain-Experimental: RCE via eval in math chain | 9.8 | 0.7% | langchain-experimental | Sep 19 |
| CRIT E | CVE-2024-41120 | streamlit-geospatial: blind SSRF via unvalidated URL input | 9.8 | 0.2% | streamlit-geospatial | Jul 26 |
| CRIT E | CVE-2024-41119 | streamlit-geospatial: RCE via eval() on vis_params input | 9.8 | 1.6% | streamlit-geospatial | Jul 26 |
| CRIT E | CVE-2024-41118 | streamlit-geospatial: blind SSRF via WMS URL input | 9.8 | 0.2% | streamlit-geospatial | Jul 26 |
| CRIT E | CVE-2024-41117 | streamlit-geospatial: eval() injection allows RCE | 9.8 | 2.3% | streamlit-geospatial | Jul 26 |
| CRIT E | CVE-2024-41116 | streamlit-geospatial: RCE via eval() injection | 9.8 | 2.0% | streamlit-geospatial | Jul 26 |
| CRIT E | CVE-2024-41115 | streamlit-geospatial: eval() injection enables RCE | 9.8 | 1.1% | streamlit-geospatial | Jul 26 |
| CRIT E | CVE-2024-41114 | streamlit-geospatial: RCE via eval() on palette input | 9.8 | 1.3% | streamlit-geospatial | Jul 26 |
| CRIT E | CVE-2024-41113 | streamlit-geospatial: RCE via eval() in Timelapse page | 9.8 | 1.6% | streamlit-geospatial | Jul 26 |
| CRIT E | CVE-2024-41112 | streamlit-geospatial: RCE via eval() on palette input | 9.8 | 1.6% | streamlit-geospatial | Jul 26 |
