AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked: 1,140
Critical: 171
New This Week: 228
In CISA KEV: 2
Latest AI Security Threats
Showing 50 of 1140 results

| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| HIGH | CVE-2025-0628 | LiteLLM Has an Improper Authorization... | 8.1 | 0.1% | litellm | Mar 20 |
| HIGH | GHSA-5ccf-884p-4jjq | Open WebUI Unauthenticated Multipart Boundary... | 7.5 | — | open-webui | Mar 20 |
| HIGH | CVE-2024-9606 | LiteLLM Reveals Portion of API Key via a Logging... | 7.5 | 0.1% | litellm | Mar 20 |
| CRIT | CVE-2024-9052 | vLLM deserialization vulnerability in... | 9.8 | 0.3% | vllm | Mar 20 |
| HIGH | CVE-2024-8984 | LiteLLM Vulnerable to Denial of Service (DoS) via... | 7.5 | 0.2% | litellm | Mar 20 |
| HIGH | CVE-2024-7983 | Open WebUI denial of service through endpoint for... | 7.5 | 0.2% | open-webui | Mar 20 |
| HIGH | CVE-2024-7990 | Open WebUI stored cross-site scripting (XSS)... | 8.4 | 0.2% | open-webui | Mar 20 |
| HIGH | CVE-2024-8053 | Open WebUI lacks authentication for the... | 7.5 | 0.8% | open-webui | Mar 20 |
| HIGH | CVE-2024-8060 | Open WebUI allows Remote Code Execution via... | 8.1 | 0.9% | open-webui | Mar 20 |
| HIGH | CVE-2024-8020 | PyTorch Lightning denial of service vulnerability | 7.5 | 0.1% | pytorch-lightning | Mar 20 |
| MEDI | CVE-2024-7035 | Open WebUI Vulnerable to Cross-Site Request... | 6.9 | 0.0% | open-webui | Mar 20 |
| HIGH | CVE-2024-7776 | Open Neural Network Exchange (ONNX) Path... | 8.1 | 1.5% | onnx | Mar 20 |
| HIGH | CVE-2024-7053 | Open WebUI Vulnerable to a Session Fixation Attack | 7.6 | 0.2% | open-webui | Mar 20 |
| MEDI | CVE-2024-7045 | Open WebUI Has Improper Access Control Leading to... | 4.3 | 0.1% | open-webui | Mar 20 |
| HIGH | CVE-2024-7806 | Open WebUI Cross-Site Request Forgery (CSRF)... | 8.0 | 0.7% | open-webui | Mar 20 |
| MEDI | CVE-2024-7046 | Open WebUI Allows Viewing of Admin Details | 4.3 | 0.1% | open-webui | Mar 20 |
| CRIT | CVE-2024-8019 | PyTorch Lightning path traversal vulnerability | 9.1 | 1.1% | pytorch-lightning | Mar 20 |
| HIGH | GHSA-6wj5-5pgr-jwq8 | Open WebUI Unauthenticated Multipart Boundary... | 7.5 | — | open-webui | Mar 20 |
| HIGH | CVE-2024-7039 | Open WebUI Allows Admin Deletion via API Endpoint | 8.3 | 0.1% | open-webui | Mar 20 |
| MEDI | CVE-2024-7034 | Open WebUI Allows Arbitrary File Write via the... | 6.5 | 3.0% | open-webui | Mar 20 |
| HIGH | CVE-2024-7043 | Open WebUI Allows Arbitrary File Reading and... | 8.1 | 0.1% | open-webui | Mar 20 |
| MEDI | CVE-2024-7044 | Open WebUI Vulnerable to Cross-Site Scripting... | 6.8 | 0.3% | open-webui | Mar 20 |
| HIGH | CVE-2024-6982 | LoLLMS Code Injection vulnerability | 8.4 | 0.1% | lollms | Mar 20 |
| HIGH | CVE-2024-7036 | Open WebUI Uncontrolled Resource Consumption... | 7.5 | 0.5% | open-webui | Mar 20 |
| HIGH | CVE-2024-6825 | LiteLLM Vulnerable to Remote Code Execution (RCE) | 8.8 | 1.3% | litellm | Mar 20 |
| MEDI | CVE-2024-7033 | Open WebUI Allows Arbitrary File Write via the... | 6.5 | 1.2% | open-webui | Mar 20 |
| MEDI | CVE-2024-12910 | LlamaIndex Uncontrolled Resource Consumption... | 5.9 | 0.3% | llama-index | Mar 20 |
| HIGH | GHSA-w466-2wfc-8g58 | Open WebUI has vulnerable dependency on starlette... | 7.5 | — | open-webui | Mar 20 |
| HIGH | GHSA-hh3j-9m59-p8vc | BentoML vulnerable to Uncontrolled Resource... | 7.5 | — | bentoml | Mar 20 |
| HIGH | CVE-2024-12537 | Open WebUI Uncontrolled Resource Consumption... | 7.5 | 0.8% | open-webui | Mar 20 |
| HIGH | CVE-2024-12534 | Open WebUI Uncontrolled Resource Consumption... | 7.5 | 0.2% | open-webui | Mar 20 |
| MEDI | GHSA-564p-rx2q-4c8v | BentoML Open Redirect vulnerability | 6.1 | — | bentoml | Mar 20 |
| CRIT | CVE-2024-11958 | LlamaIndex Retrievers Integration:... | 9.8 | 1.2% | — | Mar 20 |
| HIGH | CVE-2024-10572 | H2O Vulnerable to Denial of Service (DoS) and... | 7.5 | 0.1% | — | Mar 20 |
| MEDI | CVE-2025-1474 | In mlflow/mlflow version 2.18, an admin is able... | 5.5 | 0.1% | mlflow | Mar 20 |
| HIGH | CVE-2025-1473 | A Cross-Site Request Forgery (CSRF) vulnerability... | 7.1 | 0.1% | mlflow | Mar 20 |
| HIGH | CVE-2025-0453 | In mlflow/mlflow version 2.17.2, the `/graphql`... | 7.5 | 0.1% | mlflow | Mar 20 |
| HIGH | CVE-2025-0317 | A vulnerability in ollama/ollama versions... | 7.5 | — | ollama | Mar 20 |
| HIGH | CVE-2025-0315 | A vulnerability in ollama/ollama <=0.3.14 allows... | 7.5 | — | ollama | Mar 20 |
| HIGH | CVE-2025-0312 | A vulnerability in ollama/ollama versions... | 7.5 | — | ollama | Mar 20 |
| UNKN | CVE-2025-0187 | A Denial of Service (DoS) vulnerability was... | — | — | gradio | Mar 20 |
| CRIT | CVE-2024-9070 | A deserialization vulnerability exists in... | 9.8 | 0.3% | bentoml | Mar 20 |
| HIGH | CVE-2024-9056 | BentoML version v1.3.4post1 is vulnerable to a... | 7.5 | 0.2% | bentoml | Mar 20 |
| CRIT | CVE-2024-9053 | vllm-project vllm version 0.6.0 contains a... | 9.8 | 2.2% | vllm | Mar 20 |
| HIGH | CVE-2024-8966 | A vulnerability in the file upload process of... | 7.5 | 0.2% | video | Mar 20 |
| HIGH | CVE-2024-8859 | A path traversal vulnerability exists in... | 7.5 | 26.9% | mlflow | Mar 20 |
| HIGH | CVE-2024-8063 | A divide by zero vulnerability exists in... | 7.5 | — | ollama | Mar 20 |
| MEDI | CVE-2024-8021 | An open redirect vulnerability exists in the... | 6.1 | 2.7% | gradio | Mar 20 |
| HIGH | CVE-2024-7959 | The `/openai/models` endpoint in... | 7.7 | 0.4% | open-webui | Mar 20 |
| MEDI | CVE-2024-6838 | In mlflow/mlflow version v2.13.2, a vulnerability... | 5.3 | 0.1% | mlflow | Mar 20 |