AI Threat Alert

EU AI Act Compliance Tracker

The EU AI Act is the first comprehensive AI regulation globally. It classifies AI systems by risk level and imposes mandatory requirements on high-risk systems. These CVE-to-article mappings help you demonstrate compliance with technical security requirements.

1698
CVEs Mapped
6
Controls with CVEs
2100
Total Mappings
ISO 42001 EU AI Act NIST AI RMF OWASP LLM Top 10

Controls & Mapped Vulnerabilities

Art.9

Risk management system

68 CVEs
CRITICAL
CVE-2026-33309 CVSS 9.9

langflow: Path Traversal enables file access

CRITICAL
CVE-2024-39236 CVSS 9.8

Gradio: code injection via component metadata (CVSS 9.8)

CRITICAL
CVE-2026-27966 CVSS 9.8

langflow: Code Injection enables RCE

+ 65 more CVEs mapped to this control

Art.10

Data and data governance

1 CVEs
HIGH
CVE-2026-28788 CVSS 7.1

Open WebUI: BOLA enables RAG poisoning via file overwrite

Art.13

Transparency and information to deployers

1 CVEs
MEDIUM
CVE-2025-13359 CVSS 6.5

taxopress: SQL Injection exposes database

Art.14

Human oversight

1 CVEs
HIGH
GHSA-qwgj-rrpj-75xm CVSS 8.8

PraisonAI: hardcoded approval bypass enables RCE

Art.15

Accuracy, robustness and cybersecurity

151 CVEs
CRITICAL
CVE-2026-33309 CVSS 9.9

langflow: Path Traversal enables file access

CRITICAL
CVE-2026-25053 CVSS 9.9

n8n: Command Injection enables RCE

CRITICAL
CVE-2025-54381 CVSS 9.9

BentoML: unauthenticated SSRF via file upload URLs

+ 148 more CVEs mapped to this control

Art.17

Quality management system

5 CVEs
HIGH
CVE-2025-8747 CVSS 7.8

Keras: safe mode bypass enables RCE via model load

MEDIUM
CVE-2023-2800 CVSS 4.7

Transformers: temp file race condition allows local DoS

MEDIUM
GHSA-7cq8-mj8x-j263

picklescan: detection bypass allows malicious pickle RCE

+ 2 more CVEs mapped to this control

Art.42

Presumption of conformity with certain requirements

0 CVEs
Art.62

Reporting of serious incidents

0 CVEs

Download Full Evidence Pack

Get the complete EU AI Act evidence pack with all CVE-to-control mappings, rationale, and audit-ready documentation. Exportable as CSV.

Get Evidence Pack