AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
1,140 AI/ML CVEs Tracked
171 Critical
228 New This Week
2 In CISA KEV
Latest AI Security Threats
Showing 50 of 524 results (filter: High severity)

| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| HIGH | CVE-2025-25295 | Label Studio has a Path Traversal Vulnerability... | — | 0.1% | — | Feb 14 |
| HIGH | CVE-2025-24357 | vLLM is a library for LLM inference and serving.... | 8.8 | 1.0% | vllm | Jan 27 |
| HIGH | CVE-2025-23205 | nbgrader's `frame-ancestors: self` grants all... | — | 0.3% | — | Jan 17 |
| HIGH | CVE-2025-23042 | Gradio is an open-source Python package that... | 7.5 | 0.1% | gradio | Jan 14 |
| HIGH | CVE-2024-32965 | Lobe Chat is an open-source, AI chat framework.... | 8.6 | — | — | Nov 26 |
| HIGH | CVE-2024-27134 | Excessive directory permissions in MLflow leads... | 7.0 | 0.0% | mlflow | Nov 25 |
| HIGH | CVE-2024-11394 | Hugging Face Transformers Trax Model... | 8.8 | 59.4% | transformers | Nov 22 |
| HIGH | CVE-2024-11393 | Hugging Face Transformers MaskFormer Model... | 8.8 | 76.1% | transformers | Nov 22 |
| HIGH | CVE-2024-11392 | Hugging Face Transformers MobileViTV2... | 8.8 | 54.9% | transformers | Nov 22 |
| HIGH | CVE-2024-21799 | Path traversal for some Intel(R) Extension for... | 7.1 | — | — | Nov 13 |
| HIGH | CVE-2024-49048 | TorchGeo Remote Code Execution Vulnerability | 8.1 | 0.5% | — | Nov 12 |
| HIGH | CVE-2024-43598 | LightGBM Remote Code Execution Vulnerability | 8.1 | 1.6% | lightgbm | Nov 12 |
| HIGH | CVE-2024-39722 | An issue was discovered in Ollama before 0.1.46.... | 7.5 | — | ollama | Oct 31 |
| HIGH | CVE-2024-39721 | An issue was discovered in Ollama before 0.1.34.... | 7.5 | — | ollama | Oct 31 |
| HIGH | CVE-2024-39720 | An issue was discovered in Ollama before 0.1.46.... | 8.2 | — | ollama | Oct 31 |
| HIGH | CVE-2024-39719 | An issue was discovered in Ollama through 0.3.14.... | 7.5 | — | ollama | Oct 31 |
| HIGH | CVE-2024-47870 | Gradio is an open-source Python package designed... | 8.1 | 0.2% | gradio | Oct 10 |
| HIGH | CVE-2024-47868 | Gradio is an open-source Python package designed... | 7.5 | 0.2% | gradio | Oct 10 |
| HIGH | CVE-2024-47867 | Gradio is an open-source Python package designed... | 7.5 | 0.2% | gradio | Oct 10 |
| HIGH | CVE-2024-47084 | Gradio is an open-source Python package designed... | 8.3 | 0.1% | gradio | Oct 10 |
| HIGH | CVE-2024-7714 | The AI ChatBot with ChatGPT and Content Generator... | 7.5 | — | — | Sep 27 |
| HIGH | CVE-2024-8768 | A flaw was found in the vLLM library. A... | 7.5 | — | — | Sep 17 |
| HIGH | CVE-2024-5998 | A vulnerability in the... | 7.8 | — | langchain | Sep 17 |
| HIGH | CVE-2024-6587 | A Server-Side Request Forgery (SSRF)... | 7.5 | — | litellm | Sep 13 |
| HIGH | CVE-2024-45848 | An arbitrary code execution vulnerability exists... | 8.8 | — | — | Sep 12 |
| HIGH | CVE-2024-45436 | extractFromZipFile in model.go in Ollama before... | 7.5 | — | ollama | Aug 29 |
| HIGH | CVE-2023-33976 | TensorFlow is an end-to-end open source platform... | 7.5 | — | tensorflow | Jul 30 |
| HIGH | CVE-2024-7297 | Langflow versions prior to 1.0.13 suffer from a... | 8.8 | — | langflow | Jul 30 |
| HIGH | CVE-2024-35199 | TorchServe is a flexible and easy-to-use tool for... | 8.2 | — | torchserve | Jul 19 |
| HIGH | CVE-2024-21513 | Versions of the package langchain-experimental... | 8.5 | — | langchain-experimental | Jul 15 |
| HIGH | CVE-2024-36420 | Flowise is a drag & drop user interface to build... | 7.5 | — | — | Jul 1 |
| HIGH | CVE-2024-38459 | langchain_experimental (aka LangChain... | 7.8 | — | langchain-experimental | Jun 16 |
| HIGH | CVE-2024-5187 | onnx allows Arbitrary File Overwrite in... | 8.8 | 1.4% | onnx | Jun 6 |
| HIGH | CVE-2024-4888 | BerriAI's litellm, in its latest version, is... | 8.1 | — | litellm | Jun 6 |
| HIGH | CVE-2024-3095 | A Server-Side Request Forgery (SSRF)... | 7.7 | — | langchain | Jun 6 |
| HIGH | CVE-2024-2928 | A Local File Inclusion (LFI) vulnerability was... | 7.5 | — | mlflow | Jun 6 |
| HIGH | CVE-2024-0520 | A vulnerability in mlflow/mlflow version 8.2.1... | 8.8 | — | mlflow | Jun 6 |
| HIGH | CVE-2024-4941 | A local file inclusion vulnerability exists in... | 7.5 | — | gradio | Jun 6 |
| HIGH | CVE-2024-4325 | A Server-Side Request Forgery (SSRF)... | 8.6 | — | gradio | Jun 6 |
| HIGH | CVE-2024-37061 | Remote Code Execution can occur in versions of... | 8.8 | — | mlflow | Jun 4 |
| HIGH | CVE-2024-37060 | Deserialization of untrusted data can occur in... | 8.8 | — | mlflow | Jun 4 |
| HIGH | CVE-2024-37059 | Deserialization of untrusted data can occur in... | 8.8 | 0.4% | mlflow | Jun 4 |
| HIGH | CVE-2024-37058 | Deserialization of untrusted data can occur in... | 8.8 | — | mlflow | Jun 4 |
| HIGH | CVE-2024-37057 | Deserialization of untrusted data can occur in... | 8.8 | — | mlflow | Jun 4 |
| HIGH | CVE-2024-37056 | Deserialization of untrusted data can occur in... | 8.8 | — | mlflow | Jun 4 |
| HIGH | CVE-2024-37055 | Deserialization of untrusted data can occur in... | 8.8 | — | mlflow | Jun 4 |
| HIGH | CVE-2024-37054 | Deserialization of untrusted data can occur in... | 8.8 | — | mlflow | Jun 4 |
| HIGH | CVE-2024-37053 | Deserialization of untrusted data can occur in... | 8.8 | — | mlflow | Jun 4 |
| HIGH | CVE-2024-37052 | Deserialization of untrusted data can occur in... | 8.8 | — | mlflow | Jun 4 |
| HIGH | CVE-2024-37032 | Ollama before 0.1.34 does not validate the format... | 8.8 | — | ollama | May 31 |