AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
Latest AI Security Threats
Showing 20 of 267 results (Medium severity, Active exploitation)

HuggingFace Transformers: RCE via malicious checkpoint load (CVE-2026-1839)
ONNX: symlink traversal reads host files via model loading (CVE-2026-34447)
smolagents: code injection via incomplete sandbox fix (CVE-2026-4963)
open-webui: missing authz allows cross-KB file deletion (CVE-2026-29070)
Open WebUI: path traversal leaks server filesystem path (CVE-2026-28786)
AI component: IDOR enables unauthorized data access (CVE-2026-30886)
AI component: input validation flaw enables exploitation (CVE-2026-4538)
gradio: weak credentials allow account compromise (CVE-2026-27167)
ray: missing auth allows unauthenticated access (CVE-2026-27482)
OpenClaw: path traversal enables arbitrary file read (CVE-2026-25475)
llama-index-core: DoS causes service disruption (CVE-2025-6208)
bentoml: path traversal enables file access (CVE-2026-24123)
BetterDocs: info disclosure leaks sensitive data (CVE-2025-14980)
monai: path traversal enables file access (CVE-2026-21851)
AI component: missing auth allows unauthorized operations (CVE-2025-14371)
local-deep-research: SSRF allows internal network access (CVE-2025-67743)
langflow: SSRF allows internal network access (CVE-2025-68477)
AI component: SQL injection exposes database (CVE-2025-13922)
dspy: security flaw enables exploitation (CVE-2025-12695)
Keras: safe_mode bypass enables file read and SSRF (CVE-2025-12058)