AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
- 1,604 AI/ML CVEs tracked
- 225 Critical
- 79 New this week
- 16 In CISA KEV
Latest AI Security Threats
Showing 20 of 225 results (Critical severity).

| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| CRIT E | CVE-2024-35198 | TorchServe: URL bypass enables arbitrary model loading | 9.8 | 0.2% | torchserve | Jul 19 |
| CRIT E | CVE-2024-39236 | Gradio: code injection via component metadata (CVSS 9.8) | 9.8 | 1.9% | gradio | Jul 1 |
| CRIT E | CVE-2024-37014 | Langflow: unauthenticated RCE via custom component API | 9.8 | 6.5% | langflow | Jun 10 |
| CRIT E | CVE-2024-3234 | ChuanhuChatGPT: path traversal exposes LLM API keys | 9.8 | 84.0% | chuanhuchatgpt | Jun 6 |
| CRIT E | CVE-2024-5452 | pytorch-lightning: RCE via deepdiff Delta deserialization | 9.8 | 62.6% | pytorch_lightning | Jun 6 |
| CRIT E | CVE-2024-4253 | Gradio: CI/CD command injection enables secrets exfiltration | 9.1 | 1.9% | gradio | Jun 4 |
| CRIT E | CVE-2024-34359 | llama-cpp-python: SSTI in .gguf loader enables RCE | 9.6 | 39.4% | — | May 14 |
| CRIT E | CVE-2024-3660 | Keras: RCE via malicious model deserialization | 9.8 | 0.4% | keras | Apr 16 |
| CRIT E | CVE-2024-3573 | MLflow: LFI via URI parsing allows arbitrary file read | 9.3 | 0.2% | mlflow | Apr 16 |
| CRIT E | CVE-2024-2912 | BentoML: RCE via insecure deserialization (CVSS 10) | 10.0 | 7.5% | — | Apr 16 |
| CRIT E | CVE-2024-3568 | HuggingFace Transformers: RCE via pickle deserialization | 9.6 | 24.4% | transformers | Apr 10 |
| CRIT E | CVE-2024-31224 | gpt_academic: deserialization RCE, no auth required | 9.8 | 3.3% | gpt_academic | Apr 8 |
| CRIT E | CVE-2024-2057 | LangChain TFIDFRetriever: SSRF/RCE via load_local | 9.8 | 0.1% | langchain | Mar 1 |
| CRIT E | CVE-2024-27444 | LangChain Experimental: RCE via Python sandbox escape | 9.8 | 0.1% | langchain-experimental | Feb 26 |
| CRIT E | CVE-2024-27133 | MLflow: XSS in recipe runner enables Jupyter RCE | 9.6 | 0.2% | mlflow | Feb 23 |
| CRIT E | CVE-2024-27132 | MLflow: XSS in recipes enables client-side RCE | 9.6 | 0.2% | mlflow | Feb 23 |
| CRIT E | CVE-2024-0964 | Gradio: unauthenticated LFI exposes full server filesystem | 9.4 | 0.1% | gradio | Feb 5 |
| CRIT E | CVE-2024-23751 | LlamaIndex: SQL injection in Text-to-SQL feature | 9.8 | 0.4% | llamaindex | Jan 22 |
| CRIT | CVE-2023-48022 | Ray: unauthenticated RCE via job submission API | 9.8 | 92.2% | ray | Nov 28 |
| CRIT E | CVE-2023-6020 | Ray: unauthenticated LFI exposes entire filesystem | 9.3 | 81.4% | ray | Nov 16 |

Need deeper analysis? Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.