What this site is for
ML CVEs catalogs AI/ML incidents and vulnerabilities — dated, sourced, verifiable.
ML CVEs is a tracker. We catalog AI/ML incidents and vulnerabilities so practitioners and analysts have a single place to check what’s happened, when, and where to read more.
What we track:
- CVEs in ML libraries and frameworks — PyTorch, TensorFlow, ONNX, vLLM, llama.cpp, transformers, langchain, LlamaIndex, and the supply chain around them
- Model leaks and training-data exposures — accidental and adversarial
- Jailbreak and prompt-injection disclosures — when a working bypass goes public
- Vendor breaches affecting AI products — when an AI vendor or AI-adjacent service is compromised
- Adversarial-use incidents — confirmed real-world exploitation, not hypothetical
- Regulatory enforcement actions — when a regulator publicly acts against an AI company
Each entry is dated, linked to its primary source (advisory, paper, news report, court filing), and tagged. We don’t speculate. If we can’t link to a verifiable source, it doesn’t go up.
What this site is not: a news aggregator, a take farm, or a vendor advisory. We exist to be the boring, reliable index a security team can actually cite.
Pseudonymous editorial. Tips with primary sources to the editor.
The catalog opens shortly.