AI Threat Alert

ISO 42001 Compliance Tracker

ISO/IEC 42001 is the international standard for AI management systems (AIMS). It provides a framework for organizations to manage the development, deployment, and use of AI systems responsibly. Each control below maps to specific AI security vulnerabilities found in real-world AI/ML packages.

1746
CVEs Mapped
6
Controls with CVEs
2463
Total Mappings
ISO 42001 EU AI Act NIST AI RMF OWASP LLM Top 10

Controls & Mapped Vulnerabilities

A.5.4

AI system impact assessment process

0 CVEs
A.6.2.4

AI system risk assessment

26 CVEs
CRITICAL
CVE-2023-38896 CVSS 9.8

LangChain: RCE via unsandboxed LLM code execution

CRITICAL
CVE-2025-11201 CVSS 9.8

mlflow: Path Traversal enables file access

CRITICAL
GHSA-g38g-8gr9-h9xp CVSS 9.8

picklescan: Allowlist Bypass evades input filtering

+ 23 more CVEs mapped to this control

A.6.2.6

AI system risk treatment

303 CVEs
CRITICAL
CVE-2024-12909 CVSS 10.0

llama-index finchat: SQL injection enables RCE

CRITICAL
GHSA-wpqr-6v78-jr5g CVSS 10.0

Gemini CLI: RCE via malicious workspace in CI/CD

CRITICAL
CVE-2024-2912 CVSS 10.0

BentoML: RCE via insecure deserialization (CVSS 10)

+ 300 more CVEs mapped to this control

A.7.3

Awareness — AI-specific threats

12 CVEs
CRITICAL
CVE-2025-6853 CVSS 9.8

Langchain-Chatchat: path traversal in KB upload

CRITICAL
CVE-2025-59434 CVSS 9.6

Flowise Cloud: cross-tenant env var exposure leaks API keys

HIGH
GHSA-j7w6-vpvq-j3gm CVSS 8.8

diffusers: silent RCE via None.py trust_remote_code bypass

+ 9 more CVEs mapped to this control

A.10.2

AI system lifecycle

19 CVEs
CRITICAL
CVE-2025-54381 CVSS 9.9

BentoML: unauthenticated SSRF via file upload URLs

HIGH
CVE-2024-1540 CVSS 8.2

Gradio: CI/CD command injection enables secrets exfil

HIGH
CVE-2024-39720 CVSS 8.2

Ollama: OOB read in GGUF parser enables remote DoS

+ 16 more CVEs mapped to this control

A.10.3

Data quality for AI systems

20 CVEs
CRITICAL
CVE-2023-25664 CVSS 9.8

TensorFlow: heap overflow in AvgPoolGrad, RCE risk

CRITICAL
GHSA-9qhq-v63v-fv3j CVSS 9.8

PraisonAI: RCE via MCP command injection

CRITICAL
CVE-2026-33475 CVSS 9.1

langflow: security flaw enables exploitation

+ 17 more CVEs mapped to this control

A.10.4

AI system testing and validation

2 CVEs
CRITICAL
CVE-2020-15205 CVSS 9.8

TensorFlow: heap overflow in StringNGrams, ASLR bypass

HIGH
CVE-2026-45136

claude-code-cache-fix: hook path injection → RCE

B.4

Monitoring and measurement of AI risks

0 CVEs

Download Full Evidence Pack

Get the complete ISO 42001 evidence pack with all CVE-to-control mappings, rationale, and audit-ready documentation. Exportable as CSV.

Get Evidence Pack