AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs tracked: 1,140
Critical: 171
New this week: 228
In CISA KEV: 2
Latest AI Security Threats
Showing 50 of 1140 results.

Severity | CVE ID         | Summary                                              | CVSS | EPSS  | Package        | Date
Medium   | CVE-2024-6577  | In the latest version of pytorch/serve, the...       | 6.3  | 0.1%  | —              | Mar 20
High     | CVE-2024-12911 | A vulnerability in the `default_jsonalyzer`...       | 7.1  | 0.2%  | llamaindex     | Mar 20
Unknown  | CVE-2024-12775 | langgenius/dify version 0.10.1 contains a...         | —    | —     | —              | Mar 20
High     | CVE-2024-12720 | A Regular Expression Denial of Service (ReDoS)...    | 7.5  | 0.1%  | transformers   | Mar 20
High     | CVE-2024-12704 | A vulnerability in the LangChainLLM class of the...  | 7.5  | 0.3%  | llamaindex     | Mar 20
Medium   | CVE-2024-12217 | A vulnerability in the gradio-app/gradio...          | 5.3  | 0.1%  | gradio         | Mar 20
Unknown  | CVE-2024-12065 | A local file inclusion vulnerability exists in...    | —    | —     | —              | Mar 20
High     | CVE-2024-12055 | A vulnerability in Ollama versions <=0.3.14...       | 7.5  | —     | ollama         | Mar 20
Critical | CVE-2024-11041 | vllm-project vllm version v0.6.2 contains a...       | 9.8  | 1.3%  | vllm           | Mar 20
Unknown  | CVE-2024-11037 | A path traversal vulnerability exists in...          | —    | —     | —              | Mar 20
High     | CVE-2024-11031 | In version 3.83 of binary-husky/gpt_academic, a...   | 7.5  | —     | —              | Mar 20
High     | CVE-2024-11030 | GPT Academic version 3.83 is vulnerable to a...      | 7.5  | —     | —              | Mar 20
Medium   | CVE-2024-10940 | A vulnerability in langchain-core versions...        | 5.3  | 0.1%  | langchain-core | Mar 20
Unknown  | CVE-2024-10707 | gaizhenbiao/chuanhuchatgpt version git d4ec6a3 is... | —    | —     | —              | Mar 20
Unknown  | CVE-2024-10650 | An unauthenticated Denial of Service (DoS)...        | —    | —     | —              | Mar 20
High     | CVE-2024-10648 | A path traversal vulnerability exists in the...      | 8.2  | 0.2%  | gradio         | Mar 20
High     | CVE-2024-10624 | A Regular Expression Denial of Service (ReDoS)...    | 7.5  | 0.8%  | gradio         | Mar 20
High     | CVE-2024-10569 | A vulnerability in the dataframe component of...     | 7.5  | 0.2%  | gradio         | Mar 20
High     | CVE-2024-10188 | A vulnerability in BerriAI/litellm, as of commit...  | 7.5  | 0.1%  | litellm        | Mar 20
Critical | CVE-2025-29783 | vLLM is a high-throughput and memory-efficient...    | 9.0  | 1.7%  | vllm           | Mar 19
Medium   | CVE-2025-29770 | vLLM is a high-throughput and memory-efficient...    | 6.5  | 0.3%  | vllm           | Mar 19
Critical | CVE-2025-1550  | The Keras Model.load_model function permits...       | 9.8  | 4.8%  | keras          | Mar 11
Low      | CVE-2025-2149  | A vulnerability was found in PyTorch 2.6.0+cu124.... | 2.5  | —     | pytorch        | Mar 10
High     | CVE-2025-2148  | A vulnerability was found in PyTorch 2.6.0+cu124.... | 7.5  | —     | pytorch        | Mar 10
Critical | CVE-2025-1945  | picklescan before 0.0.23 fails to detect...          | 9.8  | 0.3%  | picklescan     | Mar 10
Medium   | CVE-2025-1944  | picklescan before 0.0.23 is vulnerable to a ZIP...   | 6.5  | 0.1%  | picklescan     | Mar 10
Medium   | CVE-2025-1979  | ray vulnerable to Insertion of Sensitive...          | 6.4  | 0.0%  | ray            | Mar 6
Critical | CVE-2025-25362 | Spacy-LLM Server-Side Template Injection (SSTI)...   | 9.8  | 0.5%  | —              | Mar 5
Low      | CVE-2025-1953  | A vulnerability has been found in vLLM AIBrix...     | 2.6  | —     | —              | Mar 4
Medium   | CVE-2025-1716  | Picklescan Allows Remote Code Execution via...       | —    | 4.2%  | picklescan     | Mar 3
Medium   | CVE-2025-1889  | PyTorch Model Files Can Bypass Pickle Scanners...    | —    | 0.0%  | picklescan     | Mar 3
Critical | CVE-2023-25574 | LTI JupyterHub Authenticator does not properly...    | 10.0 | 0.2%  | —              | Feb 25
High     | CVE-2025-25297 | Label Studio allows Server-Side Request Forgery...   | 8.6  | 0.2%  | label-studio   | Feb 14
Medium   | CVE-2025-25296 | Label Studio allows Cross-Site Scripting (XSS)...    | 6.1  | 4.4%  | label-studio   | Feb 14
High     | CVE-2025-25295 | Label Studio has a Path Traversal Vulnerability...   | —    | 0.1%  | —              | Feb 14
Critical | CVE-2024-12366 | PandasAI uses an interactive prompt function that... | 9.8  | 5.9%  | —              | Feb 11
Low      | CVE-2025-25183 | vLLM is a high-throughput and memory-efficient...    | 2.6  | 0.4%  | vllm           | Feb 7
High     | CVE-2025-24357 | vLLM is a library for LLM inference and serving....  | 8.8  | 1.0%  | vllm           | Jan 27
Medium   | CVE-2024-13698 | The Jobify - Job Board WordPress Theme for...        | 6.5  | —     | —              | Jan 24
High     | CVE-2025-23205 | nbgrader's `frame-ancestors: self` grants all...     | —    | 0.3%  | —              | Jan 17
High     | CVE-2025-23042 | Gradio is an open-source Python package that...      | 7.5  | 0.1%  | gradio         | Jan 14
Medium   | CVE-2024-53526 | Composio Command Execution vulnerability             | 6.4  | 0.8%  | —              | Jan 8
Medium   | CVE-2024-55459 | An issue in keras 3.7.0 allows attackers to write... | 6.5  | 0.1%  | keras          | Jan 8
Unknown  | CVE-2025-21604 | LangChain4j-AIDeepin is a Retrieval enhancement...   | —    | —     | —              | Jan 6
Unknown  | CVE-2024-56516 | free-one-api allows users to access large...         | —    | —     | —              | Dec 30
Medium   | CVE-2024-11896 | The Text Prompter – Unlimited chatgpt text...        | 6.4  | —     | —              | Dec 24
High     | CVE-2024-32965 | Lobe Chat is an open-source, AI chat framework....   | 8.6  | —     | —              | Nov 26
High     | CVE-2024-27134 | Excessive directory permissions in MLflow leads...   | 7.0  | 0.0%  | mlflow         | Nov 25
High     | CVE-2024-11394 | Hugging Face Transformers Trax Model...              | 8.8  | 59.4% | transformers   | Nov 22
High     | CVE-2024-11393 | Hugging Face Transformers MaskFormer Model...        | 8.8  | 76.1% | transformers   | Nov 22