OWASP LLM Top 10 Compliance Tracker

The OWASP Top 10 for LLM Applications (2025 edition) identifies the most critical security risks for applications that use Large Language Models. Each risk category (control) below is mapped to real CVEs and GitHub Security Advisories (GHSAs) affecting AI/ML packages in production. A single vulnerability can map to more than one control, so the total number of mappings exceeds the number of distinct CVEs.

CVEs mapped: 2245
Controls with CVEs: 10
Total mappings: 2877

Controls & Mapped Vulnerabilities

LLM01 Prompt Injection (80 CVEs)

CRITICAL | CVE-2026-47392 | CVSS 9.9 | praisonaiagents: RCE via Python sandbox bypass
CRITICAL | CVE-2024-23751 | CVSS 9.8 | LlamaIndex: SQL injection in Text-to-SQL feature
CRITICAL | GHSA-4869-x4pr-q22x | CVSS 9.8 | PraisonAI: Unauthenticated RCE via Jobs API auth bypass
+ 77 more CVEs mapped to this control

LLM02 Sensitive Information Disclosure (157 CVEs)

CRITICAL | CVE-2026-34938 | CVSS 10.0 | praisonaiagents: sandbox bypass enables full host RCE
CRITICAL | CVE-2026-33663 | CVSS 10.0 | n8n: member role steals plaintext HTTP credentials
CRITICAL | CVE-2026-25053 | CVSS 9.9 | n8n: Command Injection enables RCE
+ 154 more CVEs mapped to this control

LLM03 Supply Chain Vulnerabilities (147 CVEs)

CRITICAL | CVE-2026-25115 | CVSS 9.9 | n8n: Protection Bypass circumvents security controls
CRITICAL | CVE-2025-32434 | CVSS 9.8 | PyTorch: RCE bypasses weights_only=True safe-load guard
CRITICAL | CVE-2025-53002 | CVSS 9.8 | LLaMA-Factory: RCE via unsafe checkpoint deserialization
+ 144 more CVEs mapped to this control

LLM04 Data and Model Poisoning (178 CVEs)

CRITICAL | CVE-2025-53002 | CVSS 9.8 | LLaMA-Factory: RCE via unsafe checkpoint deserialization
CRITICAL | CVE-2026-55450 | CVSS 9.3 | Langflow: unauthenticated upload leads to DoS and path disclosure
CRITICAL | CVE-2026-27493 | CVSS 9.0 | n8n: Code Injection enables RCE
+ 175 more CVEs mapped to this control

LLM05 Improper Output Handling (218 CVEs)

CRITICAL | CVE-2026-35307 | CVSS 10.0 | Oracle Coherence: unauthenticated RCE
CRITICAL | CVE-2026-26030 | CVSS 10.0 | semantic-kernel: Code Injection enables RCE
CRITICAL | CVE-2025-71338 | CVSS 10.0 | Flowise: unauthenticated file write enables RCE
+ 215 more CVEs mapped to this control

LLM06 Excessive Agency (346 CVEs)

CRITICAL | CVE-2026-33663 | CVSS 10.0 | n8n: member role steals plaintext HTTP credentials
CRITICAL | CVE-2026-46695 | CVSS 10.0 | Boxlite: read-only bypass enables host code execution
CRITICAL | CVE-2026-25592 | CVSS 9.9 | semantic-kernel: Path Traversal enables file access
+ 343 more CVEs mapped to this control

LLM07 System Prompt Leakage (294 CVEs)

CRITICAL | CVE-2026-39888 | CVSS 10.0 | praisonaiagents: sandbox escape enables host RCE
CRITICAL | CVE-2025-71338 | CVSS 10.0 | Flowise: unauthenticated file write enables RCE
CRITICAL | CVE-2026-34938 | CVSS 10.0 | praisonaiagents: sandbox bypass enables full host RCE
+ 291 more CVEs mapped to this control

LLM08 Vector and Embedding Weaknesses (273 CVEs)

CRITICAL | CVE-2026-39888 | CVSS 10.0 | praisonaiagents: sandbox escape enables host RCE
CRITICAL | CVE-2025-14931 | CVSS 10.0 | smolagents: RCE via pickle deserialization in executor
CRITICAL | CVE-2026-26030 | CVSS 10.0 | semantic-kernel: Code Injection enables RCE
+ 270 more CVEs mapped to this control

LLM09 Misinformation (20 CVEs)

CRITICAL | CVE-2024-39236 | CVSS 9.8 | Gradio: code injection via component metadata
CRITICAL | CVE-2025-61260 | CVSS 9.8 | OpenAI Codex CLI: RCE via malicious MCP config files
HIGH | GHSA-m3mh-3mpg-37hw | CVSS 8.6 | OpenClaw: .npmrc hijack enables RCE on plugin install
+ 17 more CVEs mapped to this control

LLM10 Unbounded Consumption (31 CVEs)

HIGH | GHSA-5qw8-f2g9-ff29 | CVSS 8.2 | PraisonAI: auth bypass exposes recipe API to unauthenticated callers
HIGH | CVE-2025-2099 | CVSS 7.5 | transformers: ReDoS in testing_utils causes DoS
HIGH | CVE-2025-0453 | CVSS 7.5 | MLflow: GraphQL DoS disables ML tracking server
+ 28 more CVEs mapped to this control

Download Full Evidence Pack

The complete OWASP LLM Top 10 evidence pack contains every CVE-to-control mapping, the rationale for each mapping, and audit-ready documentation. It is exportable as CSV.
