EU AI Act Compliance Tracker

The EU AI Act is the first comprehensive AI regulation globally. It classifies AI systems by risk level and imposes mandatory requirements on high-risk systems. These CVE-to-article mappings help you demonstrate compliance with technical security requirements.

CVEs Mapped: 1204
Controls with CVEs: 5
Total Mappings: 1522

Controls & Mapped Vulnerabilities

Art.9: Risk management system (61 CVEs)

CVE-2026-33309 (CRITICAL, CVSS 9.9): langflow: Path Traversal enables file access

CVE-2026-27966 (CRITICAL, CVSS 9.8): langflow: Code Injection enables RCE

CVE-2023-3686 (CRITICAL, CVSS 9.8): QuickAI: unauthenticated SQLi exposes OpenAI API keys

+ 58 more CVEs mapped to this control

Art.10: Data and data governance (1 CVE)

CVE-2026-28788 (HIGH, CVSS 7.1): Open WebUI: BOLA enables RAG poisoning via file overwrite

Art.13: Transparency and information to deployers (1 CVE)

CVE-2025-13359 (MEDIUM, CVSS 6.5): taxopress: SQL Injection exposes database

Art.14: Human oversight (0 CVEs)

Art.15: Accuracy, robustness and cybersecurity (139 CVEs)

CVE-2025-54381 (CRITICAL, CVSS 9.9): BentoML: unauthenticated SSRF via file upload URLs

CVE-2026-25053 (CRITICAL, CVSS 9.9): n8n: Command Injection enables RCE

CVE-2026-33309 (CRITICAL, CVSS 9.9): langflow: Path Traversal enables file access

+ 136 more CVEs mapped to this control

Art.17: Quality management system (5 CVEs)

CVE-2025-8747 (HIGH, CVSS 7.8): Keras: safe mode bypass enables RCE via model load

CVE-2023-2800 (MEDIUM, CVSS 4.7): Transformers: temp file race condition allows local DoS

GHSA-7cq8-mj8x-j263 (MEDIUM): picklescan: detection bypass allows malicious pickle RCE

+ 2 more CVEs mapped to this control

Art.42: Presumption of conformity with certain requirements (0 CVEs)

Art.62: Reporting of serious incidents (0 CVEs)

Download Full Evidence Pack

Get the complete EU AI Act evidence pack with all CVE-to-control mappings, rationale, and audit-ready documentation. Exportable as CSV.
