AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
1,140 AI/ML CVEs Tracked
171 Critical
228 New This Week
2 In CISA KEV
Latest AI Security Threats
Showing 26 of 26 results (filter: Critical severity, has patch)

| Severity | CVE ID                 | Summary                                               | CVSS | EPSS  | Package           | Date   |
|----------|------------------------|-------------------------------------------------------|------|-------|-------------------|--------|
| CRIT     | CVE-2026-33309         | Langflow is a tool for building and deploying...      | 9.9  | —     | langflow          | Mar 24 |
| CRIT     | CVE-2025-15031         | A vulnerability in MLflow's pyfunc extraction...      | 9.1  | 0.0%  | mlflow            | Mar 18 |
| CRIT     | CVE-2026-27825         | MCP Atlassian has an arbitrary file write leading...  | 9.1  | 0.0%  | mcp-atlassian     | Mar 10 |
| CRIT     | GHSA-g38g-8gr9-h9xp    | PickleScan has multiple stdlib modules with...        | 9.8  | —     | picklescan        | Mar 3  |
| CRIT     | GHSA-vvpj-8cmc-gx39    | PickleScan's pkgutil.resolve_name has a universal...  | 10.0 | —     | picklescan        | Mar 3  |
| CRIT     | GHSA-7wx9-6375-f5wh    | PickleScan's profile.run blocklist mismatch...        | 9.8  | —     | picklescan        | Mar 3  |
| CRIT     | CVE-2026-2635          | MLflow Use of Default Password Authentication...      | 9.8  | 0.7%  | mlflow            | Feb 20 |
| CRIT     | CVE-2026-26030         | Microsoft Semantic Kernel InMemoryVectorStore...      | 10.0 | 0.1%  | semantic-kernel   | Feb 19 |
| CRIT     | CVE-2026-25592         | Semantic Kernel is an SDK used to build,...           | 9.9  | 0.1%  | semantic-kernel   | Feb 6  |
| CRIT     | CVE-2025-62593         | Ray is vulnerable to Critical RCE via Safari &...     | —    | 0.0%  | ray               | Nov 26 |
| CRIT     | CVE-2025-12060         | The keras.utils.get_file API in Keras, when used...   | 9.8  | 0.1%  | keras             | Oct 30 |
| CRIT     | CVE-2025-49655         | Deserialization of untrusted data can occur in...     | 9.8  | 0.0%  | keras             | Oct 17 |
| CRIT     | CVE-2025-54950         | ExecuTorch out-of-bounds access vulnerability         | 9.8  | 0.2%  | executorch        | Aug 8  |
| CRIT     | CVE-2025-54951         | ExecuTorch vulnerable to Heap-based Buffer...         | 9.8  | 0.2%  | executorch        | Aug 8  |
| CRIT     | CVE-2025-54949         | ExecuTorch heap buffer overflow vulnerability         | 9.8  | 0.2%  | executorch        | Aug 8  |
| CRIT     | CVE-2025-30405         | ExecuTorch integer overflow vulnerability             | 9.8  | 0.2%  | executorch        | Aug 8  |
| CRIT     | CVE-2025-30404         | ExecuTorch integer overflow vulnerability             | 9.8  | 0.2%  | executorch        | Aug 8  |
| CRIT     | CVE-2025-1793          | llama_index vulnerable to SQL Injection               | 9.8  | 0.0%  | llama-index       | Jun 5  |
| CRIT     | CVE-2025-47241         | Browser Use allows bypassing `allowed_domains` by...  | 9.3  | 0.2%  | browser-use       | May 5  |
| CRIT     | GHSA-ggpf-24jw-3fcw    | CVE-2025-24357 Malicious model remote code...         | 9.8  | —     | vllm              | Apr 23 |
| CRIT     | CVE-2024-8019          | PyTorch Lightning path traversal vulnerability        | 9.1  | 1.1%  | pytorch-lightning | Mar 20 |
| CRIT     | CVE-2024-52803         | LLama Factory enables fine-tuning of large...         | 9.8  | 2.4%  | llamafactory      | Nov 21 |
| CRIT     | CVE-2023-6020          | Ray Missing Authorization vulnerability               | 9.3  | 80.4% | ray               | Nov 16 |
| CRIT     | CVE-2023-6019          | Ray OS Command Injection vulnerability                | 9.8  | 88.7% | ray               | Nov 16 |
| CRIT     | CVE-2023-6021          | Ray Path Traversal vulnerability                      | 9.3  | 87.3% | ray               | Nov 16 |
| CRIT     | CVE-2023-32785         | Langchain SQL Injection vulnerability                 | 9.8  | —     | langchain         | Oct 21 |

Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.