ISO 42001 Compliance Tracker

ISO/IEC 42001 is the international standard for AI management systems (AIMS). It provides a framework for organizations to manage the development, deployment, and use of AI systems responsibly. Each control below maps to specific AI security vulnerabilities found in real-world AI/ML packages.

1228 CVEs Mapped
6 Controls with CVEs
1796 Total Mappings

Controls & Mapped Vulnerabilities

A.5.4

AI system impact assessment process

0 CVEs
A.6.2.4

AI system risk assessment

20 CVEs
CRITICAL
CVE-2024-41112 CVSS 9.8

streamlit-geospatial: RCE via eval() on palette input

CRITICAL
CVE-2025-11201 CVSS 9.8

mlflow: Path Traversal enables file access

CRITICAL
CVE-2023-38896 CVSS 9.8

LangChain: RCE via unsandboxed LLM code execution

+ 17 more CVEs mapped to this control

A.6.2.6

AI system risk treatment

245 CVEs
CRITICAL
GHSA-vvpj-8cmc-gx39 CVSS 10.0

picklescan: security flaw enables exploitation

CRITICAL
CVE-2024-2912 CVSS 10.0

BentoML: RCE via insecure deserialization (CVSS 10)

CRITICAL
CVE-2026-34938 CVSS 10.0

praisonaiagents: sandbox bypass enables full host RCE

+ 242 more CVEs mapped to this control

A.7.3

Awareness — AI-specific threats

8 CVEs
CRITICAL
CVE-2025-6853 CVSS 9.8

Langchain-Chatchat: path traversal in KB upload

CRITICAL
CVE-2025-59434 CVSS 9.6

Flowise Cloud: cross-tenant env var exposure leaks API keys

HIGH
CVE-2025-58757 CVSS 8.8

MONAI: unsafe pickle deserialization RCE in data pipeline

+ 5 more CVEs mapped to this control

A.10.2

AI system lifecycle

16 CVEs
CRITICAL
CVE-2025-54381 CVSS 9.9

BentoML: unauthenticated SSRF via file upload URLs

HIGH
CVE-2024-1540 CVSS 8.2

Gradio: CI/CD command injection enables secrets exfil

HIGH
CVE-2024-39720 CVSS 8.2

Ollama: OOB read in GGUF parser enables remote DoS

+ 13 more CVEs mapped to this control

A.10.3

Data quality for AI systems

15 CVEs
CRITICAL
CVE-2023-25664 CVSS 9.8

TensorFlow: heap overflow in AvgPoolGrad, RCE risk

CRITICAL
CVE-2026-33475 CVSS 9.1

langflow: security flaw enables exploitation

HIGH
CVE-2022-23566 CVSS 8.8

TensorFlow: heap OOB write in Grappler, RCE risk

+ 12 more CVEs mapped to this control

A.10.4

AI system testing and validation

1 CVE
CRITICAL
CVE-2020-15205 CVSS 9.8

TensorFlow: heap overflow in StringNGrams, ASLR bypass

B.4

Monitoring and measurement of AI risks

0 CVEs

Download Full Evidence Pack

Get the complete ISO 42001 evidence pack with all CVE-to-control mappings, rationale, and audit-ready documentation. Exportable as CSV.
