LLM01: Prompt Injection (80 CVEs)
CRITICAL CVE-2026-47392 (CVSS 9.9) praisonaiagents: RCE via Python sandbox bypass
CRITICAL CVE-2024-23751 (CVSS 9.8) LlamaIndex: SQL injection in Text-to-SQL feature
+ 77 more CVEs mapped to this control
LLM02: Sensitive Information Disclosure (157 CVEs)
CRITICAL CVE-2026-34938 (CVSS 10.0) praisonaiagents: sandbox bypass enables full host RCE
CRITICAL CVE-2026-33663 (CVSS 10.0) n8n: member role steals plaintext HTTP credentials
+ 154 more CVEs mapped to this control
LLM03: Supply Chain Vulnerabilities (147 CVEs)
CRITICAL CVE-2026-25115 (CVSS 9.9) n8n: protection bypass circumvents security controls
CRITICAL CVE-2025-32434 (CVSS 9.8) PyTorch: RCE bypasses weights_only=True safe-load guard
CRITICAL CVE-2025-53002 (CVSS 9.8) LLaMA-Factory: RCE via unsafe checkpoint deserialization
+ 144 more CVEs mapped to this control
LLM04: Data and Model Poisoning (178 CVEs)
CRITICAL CVE-2025-53002 (CVSS 9.8) LLaMA-Factory: RCE via unsafe checkpoint deserialization
CRITICAL CVE-2026-55450 (CVSS 9.3) Langflow: unauthenticated upload → DoS + path disclosure
+ 175 more CVEs mapped to this control
LLM05: Improper Output Handling (218 CVEs)
CRITICAL CVE-2026-35307 (CVSS 10.0) Oracle Coherence: unauthenticated RCE
CRITICAL CVE-2025-71338 (CVSS 10.0) Flowise: unauthenticated file write enables RCE
+ 215 more CVEs mapped to this control
LLM06: Excessive Agency (346 CVEs)
CRITICAL CVE-2026-33663 (CVSS 10.0) n8n: member role steals plaintext HTTP credentials
CRITICAL CVE-2026-46695 (CVSS 10.0) Boxlite: read-only bypass enables host code execution
CRITICAL CVE-2026-25592 (CVSS 9.9) semantic-kernel: path traversal enables file access
+ 343 more CVEs mapped to this control
LLM07: System Prompt Leakage (294 CVEs)
CRITICAL CVE-2026-39888 (CVSS 10.0) praisonaiagents: sandbox escape enables host RCE
CRITICAL CVE-2025-71338 (CVSS 10.0) Flowise: unauthenticated file write enables RCE
CRITICAL CVE-2026-34938 (CVSS 10.0) praisonaiagents: sandbox bypass enables full host RCE
+ 291 more CVEs mapped to this control
LLM08: Vector and Embedding Weaknesses (273 CVEs)
CRITICAL CVE-2026-39888 (CVSS 10.0) praisonaiagents: sandbox escape enables host RCE
CRITICAL CVE-2025-14931 (CVSS 10.0) smolagents: RCE via pickle deserialization in executor
+ 270 more CVEs mapped to this control
LLM09: Misinformation (20 CVEs)
CRITICAL CVE-2024-39236 (CVSS 9.8) Gradio: code injection via component metadata
CRITICAL CVE-2025-61260 (CVSS 9.8) OpenAI Codex CLI: RCE via malicious MCP config files
+ 17 more CVEs mapped to this control
LLM10: Unbounded Consumption (31 CVEs)
HIGH GHSA-5qw8-f2g9-ff29 (CVSS 8.2) PraisonAI: auth bypass exposes recipe API to unauthenticated callers
HIGH CVE-2025-2099 (CVSS 7.5) transformers: ReDoS in testing_utils causes DoS
HIGH CVE-2025-0453 (CVSS 7.5) MLflow: GraphQL DoS disables ML tracking server
+ 28 more CVEs mapped to this control
Download Full Evidence Pack
Get the complete OWASP LLM Top 10 evidence pack with all CVE-to-control mappings,
rationale, and audit-ready documentation. Exportable as CSV.