EU AI Act Compliance Tracker

The EU AI Act is the first comprehensive AI regulation globally. It classifies AI systems by risk level and imposes mandatory requirements on high-risk systems. These CVE-to-article mappings help you demonstrate compliance with technical security requirements.

2389 CVEs Mapped
6 Controls with CVEs
2841 Total Mappings

Controls & Mapped Vulnerabilities

Art.9

Risk management system

72 CVEs
CRITICAL
CVE-2026-33309 CVSS 9.9

langflow: Path Traversal enables file access

CRITICAL
CVE-2026-27966 CVSS 9.8

langflow: Code Injection enables RCE

CRITICAL
CVE-2024-39236 CVSS 9.8

Gradio: code injection via component metadata (CVSS 9.8)

+ 69 more CVEs mapped to this control

Art.10

Data and data governance

1 CVE
HIGH
CVE-2026-28788 CVSS 7.1

Open WebUI: BOLA enables RAG poisoning via file overwrite

Art.13

Transparency and information to deployers

1 CVE
MEDIUM
CVE-2025-13359 CVSS 6.5

taxopress: SQL Injection exposes database

Art.14

Human oversight

1 CVE
HIGH
GHSA-qwgj-rrpj-75xm CVSS 8.8

PraisonAI: hardcoded approval bypass enables RCE

Art.15

Accuracy, robustness and cybersecurity

154 CVEs
CRITICAL
CVE-2026-25053 CVSS 9.9

n8n: Command Injection enables RCE

CRITICAL
CVE-2025-54381 CVSS 9.9

BentoML: unauthenticated SSRF via file upload URLs

CRITICAL
CVE-2026-27495 CVSS 9.9

n8n: Code Injection enables RCE

+ 151 more CVEs mapped to this control

Art.17

Quality management system

5 CVEs
HIGH
CVE-2025-8747 CVSS 7.8

Keras: safe mode bypass enables RCE via model load

MEDIUM
CVE-2023-2800 CVSS 4.7

Transformers: temp file race condition allows local DoS

MEDIUM
GHSA-vr7h-p6mm-wpmh

picklescan: PyTorch gadget bypasses pickle RCE detection

+ 2 more CVEs mapped to this control

Art.42

Presumption of conformity with certain requirements

0 CVEs

Art.62

Reporting of serious incidents

0 CVEs

Download Full Evidence Pack

Get the complete EU AI Act evidence pack with all CVE-to-control mappings, rationale, and audit-ready documentation. Exportable as CSV.
