AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

- 1,140 AI/ML CVEs tracked
- 171 critical
- 228 new this week
- 2 in CISA KEV


Latest AI Security Threats

Showing 50 of 973 results — no patch
| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| Critical | CVE-2024-41115 | streamlit-geospatial is a streamlit multipage app... | 9.8 | | streamlit-geospatial | Jul 26 |
| Critical | CVE-2024-41114 | streamlit-geospatial is a streamlit multipage app... | 9.8 | | streamlit-geospatial | Jul 26 |
| Critical | CVE-2024-41113 | streamlit-geospatial is a streamlit multipage app... | 9.8 | | streamlit-geospatial | Jul 26 |
| Critical | CVE-2024-41112 | streamlit-geospatial is a streamlit multipage app... | 9.8 | | streamlit-geospatial | Jul 26 |
| High | CVE-2024-35199 | TorchServe is a flexible and easy-to-use tool for... | 8.2 | | torchserve | Jul 19 |
| Critical | CVE-2024-35198 | TorchServe is a flexible and easy-to-use tool for... | 9.8 | | torchserve | Jul 19 |
| High | CVE-2024-21513 | Versions of the package langchain-experimental... | 8.5 | | langchain-experimental | Jul 15 |
| Low | CVE-2024-40594 | The OpenAI ChatGPT app before 2024-07-05 for... | 2.3 | | | Jul 6 |
| Unknown | CVE-2024-4897 | parisneo/lollms-webui, in its latest version, is... | | | | Jul 2 |
| Critical | CVE-2024-39236 | Gradio v4.36.1 was discovered to contain a code... | 9.8 | | gradio | Jul 1 |
| High | CVE-2024-36420 | Flowise is a drag & drop user interface to build... | 7.5 | | | Jul 1 |
| Low | CVE-2024-4839 | A Cross-Site Request Forgery (CSRF) vulnerability... | 3.3 | | | Jun 24 |
| Medium | CVE-2024-4940 | An open redirect vulnerability exists in the... | 6.1 | | gradio | Jun 22 |
| High | CVE-2024-38459 | langchain_experimental (aka LangChain... | 7.8 | | langchain-experimental | Jun 16 |
| Critical | CVE-2024-37014 | Langflow through 0.6.19 allows remote code... | 9.8 | 6.5% | langflow | Jun 10 |
| Medium | CVE-2024-5206 | A sensitive data leakage vulnerability was... | 4.7 | | scikit-learn | Jun 6 |
| High | CVE-2024-4888 | BerriAI's litellm, in its latest version, is... | 8.1 | | litellm | Jun 6 |
| Critical | CVE-2024-3234 | The gaizhenbiao/chuanhuchatgpt application is... | 9.8 | | | Jun 6 |
| Medium | CVE-2024-3099 | A vulnerability in mlflow/mlflow version 2.11.1... | 5.4 | | mlflow | Jun 6 |
| High | CVE-2024-3095 | A Server-Side Request Forgery (SSRF)... | 7.7 | | langchain | Jun 6 |
| High | CVE-2024-2928 | A Local File Inclusion (LFI) vulnerability was... | 7.5 | | mlflow | Jun 6 |
| High | CVE-2024-0520 | A vulnerability in mlflow/mlflow version 8.2.1... | 8.8 | | mlflow | Jun 6 |
| Critical | CVE-2024-5452 | A remote code execution (RCE) vulnerability... | 9.8 | 56.7% | pytorch_lightning | Jun 6 |
| High | CVE-2024-4941 | A local file inclusion vulnerability exists in... | 7.5 | | gradio | Jun 6 |
| High | CVE-2024-4325 | A Server-Side Request Forgery (SSRF)... | 8.6 | | gradio | Jun 6 |
| Unknown | CVE-2024-4254 | The 'deploy-website.yml' workflow in the... | | | gradio | Jun 4 |
| High | CVE-2024-37061 | Remote Code Execution can occur in versions of... | 8.8 | | mlflow | Jun 4 |
| High | CVE-2024-37060 | Deserialization of untrusted data can occur in... | 8.8 | | mlflow | Jun 4 |
| High | CVE-2024-37059 | Deserialization of untrusted data can occur in... | 8.8 | 0.4% | mlflow | Jun 4 |
| High | CVE-2024-37058 | Deserialization of untrusted data can occur in... | 8.8 | | mlflow | Jun 4 |
| High | CVE-2024-37057 | Deserialization of untrusted data can occur in... | 8.8 | | mlflow | Jun 4 |
| High | CVE-2024-37056 | Deserialization of untrusted data can occur in... | 8.8 | | mlflow | Jun 4 |
| High | CVE-2024-37055 | Deserialization of untrusted data can occur in... | 8.8 | | mlflow | Jun 4 |
| High | CVE-2024-37054 | Deserialization of untrusted data can occur in... | 8.8 | | mlflow | Jun 4 |
| High | CVE-2024-37053 | Deserialization of untrusted data can occur in... | 8.8 | | mlflow | Jun 4 |
| High | CVE-2024-37052 | Deserialization of untrusted data can occur in... | 8.8 | | mlflow | Jun 4 |
| Critical | CVE-2024-4253 | A command injection vulnerability exists in the... | 9.1 | | gradio | Jun 4 |
| High | CVE-2024-37032 | Ollama before 0.1.34 does not validate the format... | 8.8 | | ollama | May 31 |
| Unknown | CVE-2024-3924 | A code injection vulnerability exists in the... | | | | May 30 |
| Medium | CVE-2024-4858 | The Testimonial Carousel For Elementor plugin for... | 5.3 | | | May 25 |
| High | CVE-2024-0453 | The AI ChatBot plugin for WordPress is vulnerable... | 7.7 | | | May 22 |
| High | CVE-2024-0452 | The AI ChatBot plugin for WordPress is vulnerable... | 7.7 | | | May 22 |
| Medium | CVE-2024-0451 | The AI ChatBot plugin for WordPress is vulnerable... | 5.0 | | | May 22 |
| Medium | CVE-2024-4263 | A broken access control vulnerability exists in... | 5.4 | | mlflow | May 16 |
| Unknown | CVE-2024-4181 | A command injection vulnerability exists in the... | | | llamaindex | May 16 |
| High | CVE-2024-3848 | A path traversal vulnerability exists in... | 7.5 | | mlflow | May 16 |
| Critical | CVE-2024-34359 | llama-cpp-python is the Python bindings for... | 9.6 | | | May 14 |
| High | CVE-2024-34527 | spaces_plugin/app.py in SolidUI 0.4.0 has an... | 7.5 | | | May 6 |
| High | CVE-2024-34510 | Gradio before 4.20 allows credential leakage on... | 7.5 | 0.1% | gradio | May 5 |
| High | CVE-2024-34072 | sagemaker-python-sdk is a library for training... | 7.8 | | | May 3 |
