AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
1,140 AI/ML CVEs Tracked
171 Critical
228 New This Week
2 In CISA KEV
Latest AI Security Threats
Showing 50 of 171 results — Critical severity

| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| CRIT | CVE-2024-41118 | streamlit-geospatial is a streamlit multipage app... | 9.8 | — | streamlit-geospatial | Jul 26 |
| CRIT | CVE-2024-41117 | streamlit-geospatial is a streamlit multipage app... | 9.8 | — | streamlit-geospatial | Jul 26 |
| CRIT | CVE-2024-41116 | streamlit-geospatial is a streamlit multipage app... | 9.8 | — | streamlit-geospatial | Jul 26 |
| CRIT | CVE-2024-41115 | streamlit-geospatial is a streamlit multipage app... | 9.8 | — | streamlit-geospatial | Jul 26 |
| CRIT | CVE-2024-41114 | streamlit-geospatial is a streamlit multipage app... | 9.8 | — | streamlit-geospatial | Jul 26 |
| CRIT | CVE-2024-41113 | streamlit-geospatial is a streamlit multipage app... | 9.8 | — | streamlit-geospatial | Jul 26 |
| CRIT | CVE-2024-41112 | streamlit-geospatial is a streamlit multipage app... | 9.8 | — | streamlit-geospatial | Jul 26 |
| CRIT | CVE-2024-35198 | TorchServe is a flexible and easy-to-use tool for... | 9.8 | — | torchserve | Jul 19 |
| CRIT | CVE-2024-39236 | Gradio v4.36.1 was discovered to contain a code... | 9.8 | — | gradio | Jul 1 |
| CRIT | CVE-2024-37014 | Langflow through 0.6.19 allows remote code... | 9.8 | 6.5% | langflow | Jun 10 |
| CRIT | CVE-2024-3234 | The gaizhenbiao/chuanhuchatgpt application is... | 9.8 | — | — | Jun 6 |
| CRIT | CVE-2024-5452 | A remote code execution (RCE) vulnerability... | 9.8 | 56.7% | pytorch_lightning | Jun 6 |
| CRIT | CVE-2024-4253 | A command injection vulnerability exists in the... | 9.1 | — | gradio | Jun 4 |
| CRIT | CVE-2024-34359 | llama-cpp-python is the Python bindings for... | 9.6 | — | — | May 14 |
| CRIT | CVE-2024-3660 | An arbitrary code injection vulnerability in... | 9.8 | — | keras | Apr 16 |
| CRIT | CVE-2024-3573 | mlflow/mlflow is vulnerable to Local File... | 9.3 | — | mlflow | Apr 16 |
| CRIT | CVE-2024-2912 | An insecure deserialization vulnerability exists... | 10.0 | — | — | Apr 16 |
| CRIT | CVE-2024-3568 | The huggingface/transformers library is... | 9.6 | — | transformers | Apr 10 |
| CRIT | CVE-2024-2057 | A vulnerability was found in LangChain... | 9.8 | — | langchain | Mar 1 |
| CRIT | CVE-2024-27444 | langchain_experimental (aka LangChain... | 9.8 | — | langchain-experimental | Feb 26 |
| CRIT | CVE-2024-27133 | Insufficient sanitization in MLflow leads to XSS... | 9.6 | — | mlflow | Feb 23 |
| CRIT | CVE-2024-27132 | Insufficient sanitization in MLflow leads to XSS... | 9.6 | — | mlflow | Feb 23 |
| CRIT | CVE-2024-0964 | A local file include could be remotely triggered... | 9.4 | — | gradio | Feb 5 |
| CRIT | CVE-2024-23751 | LlamaIndex (aka llama_index) through 0.9.34... | 9.8 | — | llamaindex | Jan 22 |
| CRIT | CVE-2023-48022 | Ray has arbitrary code execution via jobs... | 9.8 | 91.8% | ray | Nov 28 |
| CRIT | CVE-2023-6020 | Ray Missing Authorization vulnerability | 9.3 | 80.4% | ray | Nov 16 |
| CRIT | CVE-2023-6014 | An attacker is able to arbitrarily create an... | 9.8 | — | mlflow | Nov 16 |
| CRIT | CVE-2023-6021 | Ray Path Traversal vulnerability | 9.3 | 87.3% | ray | Nov 16 |
| CRIT | CVE-2023-6019 | Ray OS Command Injection vulnerability | 9.8 | 88.7% | ray | Nov 16 |
| CRIT | CVE-2023-6018 | An attacker can overwrite any file on the server... | 9.8 | — | mlflow | Nov 16 |
| CRIT | CVE-2023-5245 | FileUtil.extract() enumerates all zip file... | 9.8 | — | — | Nov 15 |
| CRIT | CVE-2023-32785 | Langchain SQL Injection vulnerability | 9.8 | — | langchain | Oct 21 |
| CRIT | CVE-2023-44467 | langchain_experimental (aka LangChain... | 9.8 | — | langchain_experimental | Oct 9 |
| CRIT | CVE-2023-43654 | TorchServe is a tool for serving and scaling... | 9.8 | — | torchserve | Sep 28 |
| CRIT | CVE-2023-39631 | An issue in LanChain-ai Langchain v.0.0.245... | 9.8 | 3.3% | langchain | Sep 1 |
| CRIT | CVE-2023-36281 | An issue in langchain v.0.0.171 allows a remote... | 9.8 | — | langchain | Aug 22 |
| CRIT | CVE-2023-39659 | An issue in langchain langchain-ai v.0.0.232 and... | 9.8 | — | langchain | Aug 15 |
| CRIT | CVE-2023-38896 | An issue in Harrison Chase langchain v.0.0.194... | 9.8 | — | langchain | Aug 15 |
| CRIT | CVE-2023-38860 | An issue in LangChain v.0.0.231 allows a remote... | 9.8 | 1.4% | langchain | Aug 15 |
| CRIT | CVE-2023-36095 | An issue in Harrison Chase langchain v.0.0.194... | 9.8 | — | langchain | Aug 5 |
| CRIT | CVE-2023-3765 | Absolute Path Traversal in GitHub repository... | 10.0 | — | mlflow | Jul 19 |
| CRIT | CVE-2023-3686 | A vulnerability was found in Bylancer QuickAI... | 9.8 | — | quickai_openai | Jul 16 |
| CRIT | CVE-2023-36188 | An issue in langchain v.0.0.64 allows a remote... | 9.8 | — | langchain | Jul 6 |
| CRIT | CVE-2023-36258 | An issue in LangChain before 0.0.236 allows an... | 9.8 | 0.5% | langchain | Jul 3 |
| CRIT | CVE-2023-34541 | Langchain 0.0.171 is vulnerable to Arbitrary code... | 9.8 | — | langchain | Jun 20 |
| CRIT | CVE-2023-34540 | Langchain before v0.0.225 was discovered to... | 9.8 | — | langchain | Jun 14 |
| CRIT | CVE-2023-34239 | Gradio is an open-source Python library that is... | 9.1 | — | gradio | Jun 8 |
| CRIT | CVE-2023-2780 | Path Traversal: '\..\filename' in GitHub... | 9.8 | — | mlflow | May 17 |
| CRIT | CVE-2023-29374 | In LangChain through 0.0.131, the LLMMathChain... | 9.8 | 4.5% | langchain | Apr 5 |
| CRIT | CVE-2023-25668 | TensorFlow is an open source platform for machine... | 9.8 | — | tensorflow | Mar 25 |