LLM01: Prompt Injection (80 CVEs)
  CRITICAL  CVE-2026-47392  CVSS 9.9   praisonaiagents: RCE via Python sandbox bypass
  + 77 more CVEs mapped to this control

LLM02: Sensitive Information Disclosure (157 CVEs)
  CRITICAL  CVE-2026-34938  CVSS 10.0  praisonaiagents: sandbox bypass enables full host RCE
  CRITICAL  CVE-2026-33663  CVSS 10.0  n8n: member role steals plaintext HTTP credentials
  + 154 more CVEs mapped to this control

LLM03: Supply Chain Vulnerabilities (147 CVEs)
  CRITICAL  CVE-2026-25115  CVSS 9.9   n8n: protection bypass circumvents security controls
  CRITICAL  CVE-2025-54951  CVSS 9.8   ExecuTorch: heap buffer overflow RCE in model loading
  CRITICAL  CVE-2024-11958  CVSS 9.8   llama-index DuckDB retriever: SQLi enables RCE
  + 144 more CVEs mapped to this control

LLM04: Data and Model Poisoning (178 CVEs)
  CRITICAL  CVE-2025-53002  CVSS 9.8   LLaMA-Factory: RCE via unsafe checkpoint deserialization
  CRITICAL  CVE-2026-55450  CVSS 9.3   Langflow: unauthenticated upload leads to DoS and path disclosure
  + 175 more CVEs mapped to this control

LLM05: Improper Output Handling (218 CVEs)
  CRITICAL  CVE-2025-71338  CVSS 10.0  Flowise: unauthenticated file write enables RCE
  CRITICAL  CVE-2026-3490   CVSS 10.0  picklescan: blocklist bypass enables full RCE
  CRITICAL  CVE-2026-35307  CVSS 10.0  Oracle Coherence: unauthenticated RCE
  + 215 more CVEs mapped to this control

LLM06: Excessive Agency (346 CVEs)
  CRITICAL  CVE-2026-33663  CVSS 10.0  n8n: member role steals plaintext HTTP credentials
  CRITICAL  CVE-2026-46695  CVSS 10.0  Boxlite: read-only bypass enables host code execution
  + 343 more CVEs mapped to this control

LLM07: System Prompt Leakage (294 CVEs)
  CRITICAL  CVE-2025-14931  CVSS 10.0  smolagents: RCE via pickle deserialization in executor
  CRITICAL  CVE-2025-53767  CVSS 10.0  Azure OpenAI: SSRF leading to elevation of privilege, no auth required
  + 291 more CVEs mapped to this control

LLM08: Vector and Embedding Weaknesses (273 CVEs)
  CRITICAL  CVE-2025-14931  CVSS 10.0  smolagents: RCE via pickle deserialization in executor
  CRITICAL  CVE-2026-39888  CVSS 10.0  praisonaiagents: sandbox escape enables host RCE
  + 270 more CVEs mapped to this control

LLM09: Misinformation (20 CVEs)
  CRITICAL  CVE-2024-39236  CVSS 9.8   Gradio: code injection via component metadata
  CRITICAL  CVE-2025-61260  CVSS 9.8   OpenAI Codex CLI: RCE via malicious MCP config files
  + 17 more CVEs mapped to this control

LLM10: Unbounded Consumption (31 CVEs)
  HIGH      GHSA-5qw8-f2g9-ff29  CVSS 8.2  PraisonAI: auth bypass exposes recipe API to unauthenticated callers
  HIGH      CVE-2025-48956       CVSS 7.5  vLLM: unauthenticated DoS via oversized HTTP header
  HIGH      CVE-2022-35997       CVSS 7.5  TensorFlow: CHECK-fail DoS in tf.sparse.cross op
  + 28 more CVEs mapped to this control
Download Full Evidence Pack
The complete OWASP LLM Top 10 evidence pack contains all CVE-to-control mappings, the rationale for each mapping, and audit-ready documentation. It is exportable as CSV.