AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,140

AI/ML CVEs Tracked

171

Critical

228

New This Week

2

In CISA KEV

Weekly CISO Take + top threats

Get the week's most critical AI security threats delivered every Monday. Free, no spam.

Sort: Date CVSS EPSS KEV first

Filter: All Critical High Medium KEV only Has patch No patch

Latest AI Security Threats

Showing 16 of 66 results — Medium severity, has patch

MEDIUM GHSA-hf3c-wxg2-49q9

vLLM vulnerable to Denial of Service by abusing xgrammar cache

CVSS 6.5 vllm Patch: 0.8.4 CWE-770

MEDIUM CVE-2025-32381

xgrammar Vulnerable to Denial of Service (DoS) by abusing unbounded cache in memory

CVSS 6.5 EPSS 0.3% xgrammar Patch: 0.1.18 CWE-770

MEDIUM GHSA-v7x6-rv5q-mhwc

Picklescan missing detection when calling built-in python library function timeit.timeit()

picklescan Patch: 0.0.25 CWE-184

MEDIUM GHSA-fj43-3qmq-673f

Picklescan failed to detect to some unsafe global function in Numpy library

picklescan Patch: 0.0.25 CWE-502

MEDIUM CVE-2025-0508

SageMaker Workflow component allows possibility of MD5 hash collisions

CVSS 5.9 EPSS 0.1% sagemaker Patch: 2.237.3 CWE-328

MEDIUM CVE-2024-12910

LlamaIndex Uncontrolled Resource Consumption vulnerability

CVSS 5.9 EPSS 0.3% llama-index Patch: 0.12.9 CWE-400

MEDIUM CVE-2024-10940

A vulnerability in langchain-core versions >=0.1.17,<0.1.53, >=0.2.0,<0.2.43, and >=0.3.0,<0.3.15 allows unauthorized users to read arbitrary files from the host file system. The issue arises from...

CVSS 5.3 EPSS 0.1% langchain-core Patch: 0.1.53 CWE-497

MEDIUM CVE-2025-1944

picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to extract and scan PyTorch model archives. By modifying the filename in the ZIP...

CVSS 6.5 EPSS 0.1% picklescan Patch: 0.0.23 CWE-345

MEDIUM CVE-2025-1979

ray vulnerable to Insertion of Sensitive Information into Log File

CVSS 6.4 EPSS 0.0% ray Patch: 2.43.0 CWE-532

MEDIUM CVE-2025-1716

Picklescan Allows Remote Code Execution via Malicious Pickle File Bypassing Static Analysis

EPSS 4.2% picklescan Patch: 0.0.22 CWE-184

MEDIUM CVE-2025-1889

PyTorch Model Files Can Bypass Pickle Scanners via Unexpected Pickle Extensions

EPSS 0.0% picklescan Patch: 0.0.22 CWE-646

MEDIUM CVE-2025-25296

Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint

CVSS 6.1 EPSS 4.4% label-studio Patch: 1.16.0 CWE-79

MEDIUM GHSA-26jh-r8g2-6fpr

Gradio's dropdown component pre-process step does not limit the values to those in the dropdown list

CVSS 5.3 gradio Patch: 5.0.0

MEDIUM CVE-2024-2965

Denial of service in langchain-community

CVSS 4.2 EPSS 0.0% langchain Patch: 0.2.5 CWE-400

MEDIUM CVE-2022-36551

Heartex - Label Studio Community Edition vulnerable to SSRF in the Data Import module

CVSS 6.5 EPSS 4.7% label-studio Patch: 1.6.0 CWE-918

MEDIUM CVE-2018-21030

Cross-site scripting in Jupyter Notebook

CVSS 5.3 EPSS 0.4% notebook Patch: 5.5.0rc1 CWE-79

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial