AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Entries are sourced from NVD, the GitHub Advisory Database, and the CISA Known Exploited Vulnerabilities (KEV) catalog.
AI/ML CVEs tracked: 1,140
Critical: 171
New this week: 228
In CISA KEV: 2
Latest AI Security Threats
Showing 50 of 1,140 results. A dash marks a value the feed does not show (no CVSS score yet, no EPSS estimate, or no package attribution). Dates are as shown on the feed, without a year.

Severity | CVE ID | Summary | CVSS | EPSS | Package | Date
High | CVE-2024-0453 | The AI ChatBot plugin for WordPress is vulnerable... | 7.7 | — | — | May 22
High | CVE-2024-0452 | The AI ChatBot plugin for WordPress is vulnerable... | 7.7 | — | — | May 22
Medium | CVE-2024-0451 | The AI ChatBot plugin for WordPress is vulnerable... | 5.0 | — | — | May 22
Medium | CVE-2024-4263 | A broken access control vulnerability exists in... | 5.4 | — | mlflow | May 16
Unknown | CVE-2024-4181 | A command injection vulnerability exists in the... | — | — | llamaindex | May 16
High | CVE-2024-3848 | A path traversal vulnerability exists in... | 7.5 | — | mlflow | May 16
Critical | CVE-2024-34359 | llama-cpp-python is the Python bindings for... | 9.6 | — | — | May 14
High | CVE-2024-34527 | spaces_plugin/app.py in SolidUI 0.4.0 has an... | 7.5 | — | — | May 6
High | CVE-2024-34510 | Gradio before 4.20 allows credential leakage on... | 7.5 | 0.1% | gradio | May 5
High | CVE-2024-34072 | sagemaker-python-sdk is a library for training... | 7.8 | — | — | May 3
Medium | CVE-2024-31584 | Pytorch before v2.2.0 has an Out-of-bounds Read... | 5.5 | — | pytorch | Apr 19
High | CVE-2024-31583 | Pytorch before version v2.2.0 was discovered to... | 7.8 | — | pytorch | Apr 17
Medium | CVE-2024-31580 | PyTorch before v2.2.0 was discovered to contain a... | 4.0 | — | pytorch | Apr 17
Critical | CVE-2024-3660 | An arbitrary code injection vulnerability in... | 9.8 | — | keras | Apr 16
Critical | CVE-2024-3573 | mlflow/mlflow is vulnerable to Local File... | 9.3 | — | mlflow | Apr 16
High | CVE-2024-3571 | langchain-ai/langchain is vulnerable to path... | 8.8 | — | langchain | Apr 16
Critical | CVE-2024-2912 | An insecure deserialization vulnerability exists... | 10.0 | — | — | Apr 16
High | CVE-2024-1594 | A path traversal vulnerability exists in the... | 7.5 | — | mlflow | Apr 16
High | CVE-2024-1593 | A path traversal vulnerability exists in the... | 7.5 | — | mlflow | Apr 16
Unknown | CVE-2024-1561 | An issue was discovered in gradio-app/gradio,... | — | — | gradio | Apr 16
High | CVE-2024-1560 | A path traversal vulnerability exists in the... | 8.1 | — | mlflow | Apr 16
High | CVE-2024-1558 | A path traversal vulnerability exists in the... | 7.5 | — | mlflow | Apr 16
High | CVE-2024-1483 | A path traversal vulnerability exists in... | 7.5 | — | mlflow | Apr 16
Unknown | CVE-2024-1183 | An SSRF (Server-Side Request Forgery)... | — | — | gradio | Apr 16
Medium | CVE-2024-31462 | stable-diffusion-webui is a web interface for... | 6.3 | — | — | Apr 12
Critical | CVE-2024-3568 | The huggingface/transformers library is... | 9.6 | — | transformers | Apr 10
High | CVE-2024-1728 | gradio-app/gradio is vulnerable to a local file... | 7.5 | — | gradio | Apr 10
Medium | CVE-2024-28224 | Ollama before 0.1.29 has a DNS rebinding... | 6.6 | — | ollama | Apr 8
Unknown | CVE-2024-1729 | A timing attack vulnerability exists in the... | — | — | gradio | Mar 29
High | CVE-2024-1540 | A command injection vulnerability exists in the... | 8.2 | — | gradio | Mar 27
Medium | CVE-2024-2206 | An SSRF vulnerability exists in the... | 6.5 | — | gradio | Mar 27
Medium | CVE-2024-1455 | A vulnerability in the langchain-ai/langchain... | 5.9 | — | langchain | Mar 26
Unknown | CVE-2024-1727 | A Cross-Site Request Forgery (CSRF) vulnerability... | — | — | gradio | Mar 21
High | CVE-2024-28088 | LangChain through 0.1.10 allows ../ directory... | 8.1 | — | langchain | Mar 4
Critical | CVE-2024-2057 | A vulnerability was found in LangChain... | 9.8 | — | langchain | Mar 1
Critical | CVE-2024-27444 | langchain_experimental (aka LangChain... | 9.8 | — | langchain-experimental | Feb 26
Critical | CVE-2024-27133 | Insufficient sanitization in MLflow leads to XSS... | 9.6 | — | mlflow | Feb 23
Critical | CVE-2024-27132 | Insufficient sanitization in MLflow leads to XSS... | 9.6 | — | mlflow | Feb 23
Medium | CVE-2023-30767 | Improper buffer restrictions in Intel(R)... | 6.7 | — | optimization_for_tensorflow | Feb 14
Critical | CVE-2024-0964 | A local file include could be remotely triggered... | 9.4 | — | gradio | Feb 5
Critical | CVE-2024-23751 | LlamaIndex (aka llama_index) through 0.9.34... | 9.8 | — | llamaindex | Jan 22
High | CVE-2023-51449 | Gradio is an open-source Python package that... | 7.5 | — | gradio | Dec 22
High | CVE-2023-7018 | Deserialization of Untrusted Data in GitHub... | 7.8 | — | transformers | Dec 20
High | CVE-2023-6730 | Deserialization of Untrusted Data in GitHub... | 8.8 | 0.2% | transformers | Dec 19
High | CVE-2023-6909 | Path Traversal: '\..\filename' in GitHub... | 7.5 | — | mlflow | Dec 18
High | CVE-2023-6831 | Path Traversal: '\..\filename' in GitHub... | 8.1 | — | mlflow | Dec 15
High | CVE-2023-6572 | Command Injection in GitHub repository... | 8.1 | — | gradio | Dec 14
High | CVE-2023-6753 | Path Traversal in GitHub repository mlflow/mlflow... | 8.8 | — | mlflow | Dec 13
High | CVE-2023-6709 | Improper Neutralization of Special Elements Used... | 8.8 | — | mlflow | Dec 12
Medium | CVE-2023-6568 | A reflected Cross-Site Scripting (XSS)... | 6.1 | — | mlflow | Dec 7
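The practical question a feed like this raises is which rows matter for a given project. The script below is an added example, not code from the feed or from any of the projects listed; it takes a subset of the rows above in the feed's column order, matches their package column against a constructed requirements.txt, and orders the hits by CISA KEV membership, then CVSS, then EPSS. The package alias ("llamaindex" to the PyPI name "llama-index") and the requirements file are assumptions; the feed's package column carries no affected-version range, so a name match means "read the advisory", not "you are vulnerable". Rows with no CVSS are kept and flagged for manual review rather than silently dropped, since a missing score is not a low score.

```python
"""Triage rows from an AI/ML CVE feed against a project's declared dependencies.

Added example, not the feed's own tooling. FEED_ROWS is a subset of the table
above; REQUIREMENTS_TXT and PACKAGE_ALIASES are constructed assumptions.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Subset of feed rows in the page's column order:
# severity, CVE ID, CVSS, EPSS, package, date. "—" is the feed's "not shown".
FEED_ROWS = [
    ("CRIT", "CVE-2024-3660",  "9.8", "—",    "keras",        "Apr 16"),
    ("CRIT", "CVE-2024-3573",  "9.3", "—",    "mlflow",       "Apr 16"),
    ("HIGH", "CVE-2024-34510", "7.5", "0.1%", "gradio",       "May 5"),
    ("UNKN", "CVE-2024-4181",  "—",   "—",    "llamaindex",   "May 16"),
    ("HIGH", "CVE-2023-6730",  "8.8", "0.2%", "transformers", "Dec 19"),
    ("MEDI", "CVE-2024-28224", "6.6", "—",    "ollama",       "Apr 8"),
    ("HIGH", "CVE-2024-0453",  "7.7", "—",    "—",            "May 22"),
]

# Constructed requirements.txt for a hypothetical project (not from the page).
REQUIREMENTS_TXT = """\
gradio==4.19.2
mlflow>=2.9
transformers==4.36.0
numpy
llama-index==0.10.0
"""

# Assumption: the feed writes "llamaindex" where PyPI uses "llama-index".
PACKAGE_ALIASES = {"llamaindex": "llama-index"}


@dataclass
class FeedEntry:
    severity: str
    cve_id: str
    cvss: Optional[float]
    epss: Optional[float]   # probability in [0, 1]; the feed shows a percentage
    package: Optional[str]


def parse_row(row):
    """Convert one feed row into a FeedEntry, mapping "—" to None."""
    severity, cve_id, cvss, epss, package, _date = row
    return FeedEntry(
        severity=severity,
        cve_id=cve_id,
        cvss=None if cvss == "—" else float(cvss),
        epss=None if epss == "—" else float(epss.rstrip("%")) / 100,
        package=None if package == "—" else package,
    )


def normalize(name):
    """PEP 503 name normalization: lower-case, runs of -_. become one '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text):
    """Return the normalized distribution names declared in a requirements file."""
    names = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)  # name before any specifier
        if m:
            names.add(normalize(m.group(0)))
    return names


def triage(rows, requirements_text, kev_ids=frozenset()):
    """Feed entries whose package is a declared dependency, highest priority first.

    Ordering: in CISA KEV, then scored before unscored, then CVSS, then EPSS.
    Unscored entries are flagged manual_review instead of being discarded.
    """
    deps = parse_requirements(requirements_text)
    hits = []
    for row in rows:
        e = parse_row(row)
        if e.package is None:
            continue   # no package attribution: cannot be matched automatically
        pkg = normalize(PACKAGE_ALIASES.get(e.package, e.package))
        if pkg in deps:
            hits.append((e, pkg))
    hits.sort(
        key=lambda h: (h[0].cve_id in kev_ids, h[0].cvss is not None,
                       h[0].cvss or 0.0, h[0].epss or 0.0),
        reverse=True,
    )
    return [
        {"cve": e.cve_id, "package": pkg, "cvss": e.cvss, "epss": e.epss,
         "kev": e.cve_id in kev_ids, "manual_review": e.cvss is None}
        for e, pkg in hits
    ]


if __name__ == "__main__":
    for hit in triage(FEED_ROWS, REQUIREMENTS_TXT):
        print(hit)
```

With the constructed requirements file the hits come out as CVE-2024-3573 (mlflow), CVE-2023-6730 (transformers), CVE-2024-34510 (gradio), then CVE-2024-4181 (llama-index) flagged for manual review because the feed shows no score. Passing the two KEV-listed IDs from your own KEV pull as `kev_ids` moves them to the top regardless of CVSS; the page does not say which two entries those are, so the example does not guess.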