OWASP LLM Top 10 Compliance Tracker

The OWASP Top 10 for LLM Applications identifies the most critical security risks for applications using Large Language Models. Each risk category below is mapped to real CVEs affecting AI/ML packages in production.

CVEs Mapped: 1566
Controls with CVEs: 10
Total Mappings: 2102

Controls & Mapped Vulnerabilities

LLM01 Prompt Injection (61 CVEs)
  CRITICAL  CVE-2023-29374  CVSS 9.8  LangChain: RCE via prompt injection in LLMMathChain
  CRITICAL  CVE-2026-27966  CVSS 9.8  langflow: Code Injection enables RCE
  CRITICAL  CVE-2024-8309   CVSS 9.8  LangChain GraphCypher: prompt injection enables DB wipe
  + 58 more CVEs mapped to this control

LLM02 Sensitive Information Disclosure (120 CVEs)
  CRITICAL  CVE-2026-34938  CVSS 10.0  praisonaiagents: sandbox bypass enables full host RCE
  CRITICAL  CVE-2026-33663  CVSS 10.0  n8n: member role steals plaintext HTTP credentials
  CRITICAL  CVE-2026-25053  CVSS 9.9   n8n: Command Injection enables RCE
  + 117 more CVEs mapped to this control

LLM03 Supply Chain Vulnerabilities (118 CVEs)
  CRITICAL  CVE-2026-25115  CVSS 9.9  n8n: Protection Bypass circumvents security controls
  CRITICAL  CVE-2023-6019   CVSS 9.8  Ray: unauthenticated RCE via dashboard command injection
  CRITICAL  CVE-2023-1177   CVSS 9.8  MLflow: path traversal allows arbitrary file read/write
  + 115 more CVEs mapped to this control

LLM04 Data and Model Poisoning (160 CVEs)
  CRITICAL  CVE-2025-53002  CVSS 9.8  LLaMA-Factory: RCE via unsafe checkpoint deserialization
  CRITICAL  CVE-2026-27493  CVSS 9.0  n8n: Code Injection enables RCE
  HIGH      CVE-2025-5302   CVSS 8.6  llama-index: JSON parsing DoS via deep recursion
  + 157 more CVEs mapped to this control

LLM05 Improper Output Handling (185 CVEs)
  CRITICAL  CVE-2026-26030  CVSS 10.0  semantic-kernel: Code Injection enables RCE
  CRITICAL  CVE-2025-15379  CVSS 10.0  MLflow: RCE via unsanitized model dependency specs
  CRITICAL  CVE-2026-33309  CVSS 9.9   langflow: Path Traversal enables file access
  + 182 more CVEs mapped to this control

LLM06 Excessive Agency (200 CVEs)
  CRITICAL  CVE-2026-33663  CVSS 10.0  n8n: member role steals plaintext HTTP credentials
  CRITICAL  CVE-2026-25049  CVSS 9.9   n8n: security flaw enables exploitation
  CRITICAL  CVE-2026-0863   CVSS 9.9   n8n: Code Injection enables RCE
  + 197 more CVEs mapped to this control

LLM07 System Prompt Leakage (200 CVEs)
  CRITICAL  CVE-2025-59528  CVSS 10.0  Flowise: Unauthenticated RCE via MCP config injection
  CRITICAL  CVE-2026-34938  CVSS 10.0  praisonaiagents: sandbox bypass enables full host RCE
  CRITICAL  CVE-2026-26030  CVSS 10.0  semantic-kernel: Code Injection enables RCE
  + 197 more CVEs mapped to this control

LLM08 Vector and Embedding Weaknesses (149 CVEs)
  CRITICAL  CVE-2026-39888  CVSS 10.0  praisonaiagents: sandbox escape enables host RCE
  CRITICAL  CVE-2025-14931  CVSS 10.0  smolagents: RCE via pickle deserialization in executor
  CRITICAL  CVE-2026-26030  CVSS 10.0  semantic-kernel: Code Injection enables RCE
  + 146 more CVEs mapped to this control

LLM09 Misinformation (19 CVEs)
  CRITICAL  CVE-2024-39236       CVSS 9.8  Gradio: code injection via component metadata
  CRITICAL  CVE-2025-61260       CVSS 9.8  OpenAI Codex CLI: RCE via malicious MCP config files
  HIGH      GHSA-m3mh-3mpg-37hw  CVSS 8.6  OpenClaw: .npmrc hijack enables RCE on plugin install
  + 16 more CVEs mapped to this control

LLM10 Unbounded Consumption (24 CVEs)
  HIGH  CVE-2025-2099   CVSS 7.5  transformers: ReDoS in testing_utils causes DoS
  HIGH  CVE-2022-41898  CVSS 7.5  TensorFlow: DoS crash via empty SparseFillEmptyRowsGrad inputs
  HIGH  CVE-2022-41889  CVSS 7.5  TensorFlow: NULL ptr deref DoS via quantized tensor input
  + 21 more CVEs mapped to this control

Download Full Evidence Pack

Get the complete OWASP LLM Top 10 evidence pack with all CVE-to-control mappings, rationale, and audit-ready documentation. Exportable as CSV.