AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
Latest AI Security Threats
CVE-2026-33309 Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 (External Control of File Name), leading to...
CVE-2025-15031 A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries. Specifically, the use of `tarfile.extractall` without path...
CVE-2026-27825 MCP Atlassian has an arbitrary file write leading to arbitrary code execution via unconstrained download_path in confluence_download_attachment
GHSA-g38g-8gr9-h9xp PickleScan has multiple stdlib modules with direct RCE not in blocklist
GHSA-vvpj-8cmc-gx39 PickleScan's pkgutil.resolve_name has a universal blocklist bypass
GHSA-7wx9-6375-f5wh PickleScan's profile.run blocklist mismatch allows exec() bypass
CVE-2026-2635 MLflow Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not...
CVE-2026-26030 Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution
CVE-2026-25592 Semantic Kernel is an SDK used to build, orchestrate, and deploy AI agents and multi-agent systems. Prior to 1.71.0, an Arbitrary File Write vulnerability has been identified in Microsoft's Semantic...
CVE-2025-62593 Ray is vulnerable to critical RCE via a DNS rebinding attack through the Safari and Firefox browsers
CVE-2025-12060 The keras.utils.get_file API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without...
CVE-2025-49655 Deserialization of untrusted data can occur in versions of the Keras framework running versions 3.11.0 up to but not including 3.11.3, enabling a maliciously uploaded Keras file containing a...
CVE-2025-54950 ExecuTorch out-of-bounds access vulnerability
CVE-2025-54951 ExecuTorch vulnerable to Heap-based Buffer Overflow
CVE-2025-54949 ExecuTorch heap buffer overflow vulnerability
CVE-2025-30405 ExecuTorch integer overflow vulnerability
CVE-2025-30404 ExecuTorch integer overflow vulnerability
CVE-2025-1793 llama_index vulnerable to SQL Injection
CVE-2025-47241 Browser Use allows bypassing `allowed_domains` by putting a decoy domain in the HTTP auth username portion of a URL
GHSA-ggpf-24jw-3fcw CVE-2025-24357 Malicious model remote code execution fix bypass with PyTorch < 2.6.0
CVE-2024-8019 PyTorch Lightning path traversal vulnerability
CVE-2024-52803 LLama Factory enables fine-tuning of large language models. A critical remote OS command injection vulnerability has been identified in the LLama Factory training process. This vulnerability arises...
CVE-2023-6020 Ray Missing Authorization vulnerability
CVE-2023-6019 Ray OS Command Injection vulnerability
CVE-2023-6021 Ray Path Traversal vulnerability
CVE-2023-32785 Langchain SQL Injection vulnerability