OWASP LLM Top 10 Compliance Tracker

The OWASP Top 10 for LLM Applications identifies the most critical security risks for applications using Large Language Models. Each risk category below is mapped to real CVEs affecting AI/ML packages in production.

CVEs Mapped: 1058
Controls with CVEs: 10
Total Mappings: 1405

Controls & Mapped Vulnerabilities

LLM01 Prompt Injection (27 CVEs)

Severity  ID              CVSS  Description
CRITICAL  CVE-2023-36095  9.8   LangChain PALChain: RCE via unsanitized exec() calls
CRITICAL  CVE-2024-8309   9.8   LangChain GraphCypher: prompt injection enables DB wipe
CRITICAL  CVE-2024-23751  9.8   LlamaIndex: SQL injection in Text-to-SQL feature
+ 24 more CVEs mapped to this control

LLM02 Sensitive Information Disclosure (63 CVEs)

Severity  ID              CVSS  Description
CRITICAL  CVE-2026-33663  10.0  n8n: member role steals plaintext HTTP credentials
CRITICAL  CVE-2026-34938  10.0  praisonaiagents: sandbox bypass enables full host RCE
CRITICAL  CVE-2026-25053  9.9   n8n: Command Injection enables RCE
+ 60 more CVEs mapped to this control

LLM03 Supply Chain Vulnerabilities (83 CVEs)

Severity  ID              CVSS  Description
CRITICAL  CVE-2026-25115  9.9   n8n: Protection Bypass circumvents security controls
CRITICAL  CVE-2025-3248   9.8   Langflow: Unauth RCE via code injection endpoint
CRITICAL  CVE-2026-22807  9.8   vllm: Code Injection enables RCE
+ 80 more CVEs mapped to this control

LLM04 Data and Model Poisoning (144 CVEs)

Severity  ID              CVSS  Description
CRITICAL  CVE-2025-53002  9.8   LLaMA-Factory: RCE via unsafe checkpoint deserialization
CRITICAL  CVE-2026-27493  9.0   n8n: Code Injection enables RCE
HIGH      CVE-2025-5302   8.6   llama-index: JSON parsing DoS via deep recursion
+ 141 more CVEs mapped to this control

LLM05 Improper Output Handling (151 CVEs)

Severity  ID              CVSS  Description
CRITICAL  CVE-2025-15379  10.0  MLflow: RCE via unsanitized model dependency specs
CRITICAL  CVE-2026-26030  10.0  semantic-kernel: Code Injection enables RCE
CRITICAL  CVE-2026-33309  9.9   langflow: Path Traversal enables file access
+ 148 more CVEs mapped to this control

LLM06 Excessive Agency (103 CVEs)

Severity  ID              CVSS  Description
CRITICAL  CVE-2026-33663  10.0  n8n: member role steals plaintext HTTP credentials
CRITICAL  CVE-2026-25592  9.9   semantic-kernel: Path Traversal enables file access
CRITICAL  CVE-2026-25049  9.9   n8n: security flaw enables exploitation
+ 100 more CVEs mapped to this control

LLM07 System Prompt Leakage (108 CVEs)

Severity  ID              CVSS  Description
CRITICAL  CVE-2026-26030  10.0  semantic-kernel: Code Injection enables RCE
CRITICAL  CVE-2026-34938  10.0  praisonaiagents: sandbox bypass enables full host RCE
CRITICAL  CVE-2025-53767  10.0  Azure OpenAI: SSRF EoP, no auth required (CVSS 10)
+ 105 more CVEs mapped to this control

LLM08 Vector and Embedding Weaknesses (67 CVEs)

Severity  ID              CVSS  Description
CRITICAL  CVE-2026-26030  10.0  semantic-kernel: Code Injection enables RCE
CRITICAL  CVE-2026-34938  10.0  praisonaiagents: sandbox bypass enables full host RCE
CRITICAL  CVE-2026-25592  9.9   semantic-kernel: Path Traversal enables file access
+ 64 more CVEs mapped to this control

LLM09 Misinformation (16 CVEs)

Severity  ID                   CVSS  Description
CRITICAL  CVE-2024-39236       9.8   Gradio: code injection via component metadata (CVSS 9.8)
HIGH      GHSA-m3mh-3mpg-37hw  8.6   OpenClaw: .npmrc hijack enables RCE on plugin install
HIGH      CVE-2021-37662       7.8   TensorFlow: null deref in BoostedTrees training ops
+ 13 more CVEs mapped to this control

LLM10 Unbounded Consumption (19 CVEs)

Severity  ID              CVSS  Description
HIGH      CVE-2025-0453   7.5   MLflow: GraphQL DoS disables ML tracking server
HIGH      CVE-2022-41889  7.5   TensorFlow: NULL ptr deref DoS via quantized tensor input
HIGH      CVE-2022-35999  7.5   TensorFlow: DoS via empty Conv2DBackpropInput tensors
+ 16 more CVEs mapped to this control

Download Full Evidence Pack

Get the complete OWASP LLM Top 10 evidence pack with all CVE-to-control mappings, rationale, and audit-ready documentation. Exportable as CSV.