AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,140 AI/ML CVEs tracked
171 Critical
228 New this week
2 In CISA KEV


Latest AI Security Threats

Showing 50 of 377 results — Medium severity
Severity | CVE ID | Summary | CVSS | EPSS | Package | Date
Medium | CVE-2025-29770 | vLLM is a high-throughput and memory-efficient... | 6.5 | 0.3% | vllm | Mar 19
Medium | CVE-2025-1944 | picklescan before 0.0.23 is vulnerable to a ZIP... | 6.5 | 0.1% | picklescan | Mar 10
Medium | CVE-2025-1979 | ray vulnerable to Insertion of Sensitive... | 6.4 | 0.0% | ray | Mar 6
Medium | CVE-2025-1716 | Picklescan Allows Remote Code Execution via... | | 4.2% | picklescan | Mar 3
Medium | CVE-2025-1889 | PyTorch Model Files Can Bypass Pickle Scanners... | | 0.0% | picklescan | Mar 3
Medium | CVE-2025-25296 | Label Studio allows Cross-Site Scripting (XSS)... | 6.1 | 4.4% | label-studio | Feb 14
Medium | CVE-2024-13698 | The Jobify - Job Board WordPress Theme for... | 6.5 | | | Jan 24
Medium | CVE-2024-53526 | Composio Command Execution vulnerability | 6.4 | 0.8% | | Jan 8
Medium | CVE-2024-55459 | An issue in keras 3.7.0 allows attackers to write... | 6.5 | 0.1% | keras | Jan 8
Medium | CVE-2024-11896 | The Text Prompter – Unlimited chatgpt text... | 6.4 | | | Dec 24
Medium | CVE-2024-52524 | ReDoS in giskard's transformation.py... | | 1.5% | | Nov 14
Medium | CVE-2024-51751 | Gradio is an open-source Python package designed... | 6.5 | 0.3% | gradio | Nov 6
Medium | CVE-2024-48052 | In gradio <=4.42.0, the gr.DownloadButton... | 6.5 | 0.1% | gradio | Nov 4
Medium | CVE-2024-6581 | Lollms vulnerable to Cross-site Scripting | 6.5 | 1.6% | lollms | Oct 29
Medium | CVE-2024-6985 | Lord of Large Language Models (LoLLMs) path... | 4.4 | 0.1% | lollms | Oct 11
Medium | CVE-2024-47872 | Gradio is an open-source Python package designed... | 5.4 | 0.3% | gradio | Oct 10
Medium | CVE-2024-47168 | Gradio is an open-source Python package designed... | 4.3 | 0.2% | gradio | Oct 10
Medium | CVE-2024-47166 | Gradio is an open-source Python package designed... | 5.3 | 0.2% | gradio | Oct 10
Medium | CVE-2024-47165 | Gradio is an open-source Python package designed... | 5.4 | 0.2% | gradio | Oct 10
Medium | CVE-2024-47164 | Gradio is an open-source Python package designed... | 6.5 | 0.2% | gradio | Oct 10
Medium | GHSA-26jh-r8g2-6fpr | Gradio's dropdown component pre-process step does... | 5.3 | | gradio | Oct 10
Medium | CVE-2024-7041 | open-webui Insecure Direct Object Reference... | 6.5 | 0.1% | open-webui | Oct 9
Medium | CVE-2024-7037 | open-webui allows writing and deleting arbitrary... | 6.5 | 2.3% | open-webui | Oct 9
Medium | CVE-2024-9277 | A vulnerability classified as problematic was... | 6.5 | 0.2% | langflow | Sep 27
Medium | CVE-2024-6845 | The Chatbot with ChatGPT WordPress plugin before... | 5.3 | | | Sep 25
Medium | CVE-2024-8939 | A vulnerability was found in the ilab model serve... | 6.2 | | | Sep 17
Medium | CVE-2024-42474 | Streamlit is a data oriented application... | 6.5 | | streamlit | Aug 12
Medium | CVE-2024-4940 | An open redirect vulnerability exists in the... | 6.1 | | gradio | Jun 22
Medium | CVE-2024-2965 | Denial of service in langchain-community | 4.2 | 0.0% | langchain | Jun 6
Medium | CVE-2024-5206 | A sensitive data leakage vulnerability was... | 4.7 | | scikit-learn | Jun 6
Medium | CVE-2024-3099 | A vulnerability in mlflow/mlflow version 2.11.1... | 5.4 | | mlflow | Jun 6
Medium | CVE-2024-4858 | The Testimonial Carousel For Elementor plugin for... | 5.3 | | | May 25
Medium | CVE-2024-0451 | The AI ChatBot plugin for WordPress is vulnerable... | 5.0 | | | May 22
Medium | CVE-2024-4263 | A broken access control vulnerability exists in... | 5.4 | | mlflow | May 16
Medium | CVE-2024-31584 | Pytorch before v2.2.0 has an Out-of-bounds Read... | 5.5 | | pytorch | Apr 19
Medium | CVE-2024-31580 | PyTorch before v2.2.0 was discovered to contain a... | 4.0 | | pytorch | Apr 17
Medium | CVE-2024-31462 | stable-diffusion-webui is a web interface for... | 6.3 | | | Apr 12
Medium | CVE-2024-28224 | Ollama before 0.1.29 has a DNS rebinding... | 6.6 | | ollama | Apr 8
Medium | CVE-2024-2206 | An SSRF vulnerability exists in the... | 6.5 | | gradio | Mar 27
Medium | CVE-2024-1455 | A vulnerability in the langchain-ai/langchain... | 5.9 | | langchain | Mar 26
Medium | CVE-2023-30767 | Improper buffer restrictions in Intel(R)... | 6.7 | | optimization_for_tensorflow | Feb 14
Medium | CVE-2023-6568 | A reflected Cross-Site Scripting (XSS)... | 6.1 | | mlflow | Dec 7
Medium | CVE-2023-48299 | TorchServe is a tool for serving and scaling... | 5.3 | | torchserve | Nov 21
Medium | CVE-2023-41626 | Gradio v3.27.0 was discovered to contain an... | 4.8 | | gradio | Sep 15
Medium | CVE-2023-2800 | Insecure Temporary File in GitHub repository... | 4.7 | 0.0% | transformers | May 18
Medium | CVE-2023-27562 | The n8n package 0.218.0 for Node.js allows... | 6.5 | | n8n | May 10
Medium | CVE-2023-1651 | The AI ChatBot WordPress plugin before 4.4.9 does... | 5.4 | | | May 8
Medium | CVE-2023-25661 | TensorFlow is an Open Source Machine Learning... | 6.5 | | tensorflow | Mar 27
Medium | CVE-2023-27494 | Streamlit, software for turning data scripts into... | 6.1 | | streamlit | Mar 16
Medium | CVE-2022-36551 | Heartex - Label Studio Community Edition... | 6.5 | 4.7% | label-studio | Oct 4
