AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

AI/ML CVEs Tracked: 1,140
Critical: 171
New This Week: 228
In CISA KEV: 2


Latest AI Security Threats

Showing 50 of 1140 results
| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| HIGH | CVE-2024-11392 | Hugging Face Transformers MobileViTV2... | 8.8 | 54.9% | transformers | Nov 22 |
| CRIT | CVE-2024-52803 | LLama Factory enables fine-tuning of large... | 9.8 | 2.4% | llamafactory | Nov 21 |
| MEDI | CVE-2024-52524 | ReDoS in giskard's transformation.py... | | 1.5% | | Nov 14 |
| CRIT | CVE-2024-52384 | Unrestricted Upload of File with Dangerous Type... | 9.9 | | | Nov 14 |
| HIGH | CVE-2024-21799 | Path traversal for some Intel(R) Extension for... | 7.1 | | | Nov 13 |
| HIGH | CVE-2024-49048 | TorchGeo Remote Code Execution Vulnerability | 8.1 | 0.5% | | Nov 12 |
| HIGH | CVE-2024-43598 | LightGBM Remote Code Execution Vulnerability | 8.1 | 1.6% | lightgbm | Nov 12 |
| MEDI | CVE-2024-51751 | Gradio is an open-source Python package designed... | 6.5 | 0.3% | gradio | Nov 6 |
| CRIT | CVE-2024-48061 | langflow <=1.0.18 is vulnerable to Remote Code... | 9.8 | 10.2% | langflow | Nov 4 |
| MEDI | CVE-2024-48052 | In gradio <=4.42.0, the gr.DownloadButton... | 6.5 | 0.1% | gradio | Nov 4 |
| HIGH | CVE-2024-39722 | An issue was discovered in Ollama before 0.1.46.... | 7.5 | | ollama | Oct 31 |
| HIGH | CVE-2024-39721 | An issue was discovered in Ollama before 0.1.34.... | 7.5 | | ollama | Oct 31 |
| HIGH | CVE-2024-39720 | An issue was discovered in Ollama before 0.1.46.... | 8.2 | | ollama | Oct 31 |
| HIGH | CVE-2024-39719 | An issue was discovered in Ollama through 0.3.14.... | 7.5 | | ollama | Oct 31 |
| CRIT | CVE-2024-42835 | langflow v1.0.12 was discovered to contain a... | 9.8 | 16.2% | langflow | Oct 31 |
| CRIT | CVE-2024-48063 | In PyTorch <=2.4.1, the RemoteModule has... | 9.8 | | pytorch | Oct 29 |
| MEDI | CVE-2024-6581 | Lollms vulnerable to Cross-site Scripting | 6.5 | 1.6% | lollms | Oct 29 |
| CRIT | CVE-2024-8309 | A vulnerability in the GraphCypherQAChain class... | 9.8 | 3.0% | langchain | Oct 29 |
| CRIT | CVE-2024-7774 | A path traversal vulnerability exists in the... | 9.1 | | langchain.js | Oct 29 |
| CRIT | CVE-2024-7042 | A vulnerability in the GraphCypherQAChain class... | 9.8 | | langchain | Oct 29 |
| UNKN | CVE-2024-48919 | Cursor is a code editor built for programming... | | | | Oct 22 |
| CRIT | CVE-2024-49326 | Unrestricted Upload of File with Dangerous Type... | 9.8 | | affiliator | Oct 20 |
| MEDI | CVE-2024-6985 | Lord of Large Language Models (LoLLMs) path... | 4.4 | 0.1% | lollms | Oct 11 |
| LOW | CVE-2024-6971 | Lord of Large Language Models (LoLLMs) Server... | 3.4 | 0.0% | lollms | Oct 11 |
| MEDI | CVE-2024-47872 | Gradio is an open-source Python package designed... | 5.4 | 0.3% | gradio | Oct 10 |
| CRIT | CVE-2024-47871 | Gradio is an open-source Python package designed... | 9.1 | 0.1% | gradio | Oct 10 |
| HIGH | CVE-2024-47870 | Gradio is an open-source Python package designed... | 8.1 | 0.2% | gradio | Oct 10 |
| LOW | CVE-2024-47869 | Gradio is an open-source Python package designed... | 3.7 | 0.2% | gradio | Oct 10 |
| HIGH | CVE-2024-47868 | Gradio is an open-source Python package designed... | 7.5 | 0.2% | gradio | Oct 10 |
| HIGH | CVE-2024-47867 | Gradio is an open-source Python package designed... | 7.5 | 0.2% | gradio | Oct 10 |
| MEDI | CVE-2024-47168 | Gradio is an open-source Python package designed... | 4.3 | 0.2% | gradio | Oct 10 |
| CRIT | CVE-2024-47167 | Gradio is an open-source Python package designed... | 9.8 | 0.2% | gradio | Oct 10 |
| MEDI | CVE-2024-47166 | Gradio is an open-source Python package designed... | 5.3 | 0.2% | gradio | Oct 10 |
| MEDI | CVE-2024-47165 | Gradio is an open-source Python package designed... | 5.4 | 0.2% | gradio | Oct 10 |
| MEDI | CVE-2024-47164 | Gradio is an open-source Python package designed... | 6.5 | 0.2% | gradio | Oct 10 |
| HIGH | CVE-2024-47084 | Gradio is an open-source Python package designed... | 8.3 | 0.1% | gradio | Oct 10 |
| MEDI | GHSA-26jh-r8g2-6fpr | Gradio's dropdown component pre-process step does... | 5.3 | | gradio | Oct 10 |
| MEDI | CVE-2024-7041 | open-webui Insecure Direct Object Reference... | 6.5 | 0.1% | open-webui | Oct 9 |
| LOW | CVE-2024-7038 | open-webui allows enumeration of file names and... | 2.7 | 0.2% | open-webui | Oct 9 |
| MEDI | CVE-2024-7037 | open-webui allows writing and deleting arbitrary... | 6.5 | 2.3% | open-webui | Oct 9 |
| MEDI | CVE-2024-9277 | A vulnerability classified as problematic was... | 6.5 | 0.2% | langflow | Sep 27 |
| HIGH | CVE-2024-7714 | The AI ChatBot with ChatGPT and Content Generator... | 7.5 | | | Sep 27 |
| MEDI | CVE-2024-6845 | The Chatbot with ChatGPT WordPress plugin before... | 5.3 | | | Sep 25 |
| CRIT | CVE-2024-46946 | langchain_experimental (aka LangChain... | 9.8 | | langchain-experimental | Sep 19 |
| MEDI | CVE-2024-8939 | A vulnerability was found in the ilab model serve... | 6.2 | | | Sep 17 |
| HIGH | CVE-2024-8768 | A flaw was found in the vLLM library. A... | 7.5 | | | Sep 17 |
| HIGH | CVE-2024-5998 | A vulnerability in the... | 7.8 | | langchain | Sep 17 |
| HIGH | CVE-2024-6587 | A Server-Side Request Forgery (SSRF)... | 7.5 | | litellm | Sep 13 |
| HIGH | CVE-2024-45848 | An arbitrary code execution vulnerability exists... | 8.8 | | | Sep 12 |
| HIGH | CVE-2024-45436 | extractFromZipFile in model.go in Ollama before... | 7.5 | | ollama | Aug 29 |

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
