AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

New This Week

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited

Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 435 results — High severity, Active exploitation

HIGH EXPLOIT AVAIL

fickling: Allowlist Bypass evades input filtering

CVE-2026-22606

EPSS 0.1%

3mo ago

Supply Chain Code Execution Framework Model

fickling Patch: 0.1.7 CWE-184 57 5 ATLAS

HIGH EXPLOIT AVAIL

OAI CN5G AMF: unauthenticated JSON DoS on 5G SBI interface

oai-cn5g-amf 13.6K 3 ATLAS

HIGH EXPLOIT AVAIL

OAI CN5G AMF: Unauthenticated buffer overflow, RCE/DoS

DoS Code Execution Inference API

oai-cn5g-amf 13.6K 3 ATLAS

HIGH EXPLOIT AVAIL

mcp_typescript_sdk: security flaw enables exploitation

DoS Framework API Agent

4 ATLAS

HIGH EXPLOIT AVAIL

lmdeploy: Deserialization enables RCE

Supply Chain Code Execution Framework Model Inference

CWE-502 6 ATLAS

HIGH EXPLOIT AVAIL

langchain-core: Deserialization enables RCE

Supply Chain Code Execution Data Extraction Framework Agent

langchain_core CWE-502 2.6K 6 ATLAS

HIGH KEV SCANNER

n8n: security flaw enables exploitation

Code Execution Auth Bypass Data Extraction Agent Framework Plugin

n8n CWE-913 16 9 ATLAS

HIGH EXPLOIT AVAIL

langflow: File Control enables path manipulation

Code Execution Auth Bypass Framework Agent

langflow CWE-73 5 ATLAS

HIGH EXPLOIT AVAIL

nbconvert: security flaw enables exploitation

CVE-2025-53000

EPSS 0.0%

4mo ago

Code Execution Supply Chain Framework

CWE-427 4 ATLAS

HIGH EXPLOIT AVAIL

fickling: Code Injection enables RCE

CVE-2025-67748

EPSS 0.0%

4mo ago

Supply Chain Code Execution Framework Model

fickling Patch: 0.1.6 CWE-94 57 5 ATLAS

HIGH EXPLOIT AVAIL

fickling: Allowlist Bypass evades input filtering

CVE-2025-67747

EPSS 0.1%

4mo ago

Supply Chain Code Execution Framework Model

fickling Patch: 0.1.6 CWE-184 57 5 ATLAS

HIGH EXPLOIT AVAIL

n8n: security flaw enables exploitation

Code Execution Supply Chain Agent Framework

n8n 16 6 ATLAS

HIGH KEV SCANNER

langflow: security flaw enables exploitation

Auth Bypass Code Execution Framework Agent

langflow CWE-346 8 ATLAS

HIGH EXPLOIT AVAIL

open-webui: SSRF allows internal network access

Data Extraction Data Leakage Code Execution API RAG

open-webui Patch: 0.6.37 CWE-918 6 ATLAS

HIGH EXPLOIT AVAIL

mcp-server-kubernetes: Command Injection enables RCE

Code Execution Prompt Injection Auth Bypass Agent Plugin Framework

7 ATLAS

HIGH EXPLOIT AVAIL

mlx: security flaw enables exploitation

DoS Supply Chain Framework Model

mlx CWE-476 283 5 ATLAS

HIGH EXPLOIT AVAIL

AI component: Arbitrary File Upload enables RCE

Code Execution Supply Chain Data Extraction Plugin API

6 ATLAS 1 incident

HIGH EXPLOIT AVAIL

open-webui: Code Injection enables RCE

Code Execution Auth Bypass Social Engineering Inference API Plugin

open-webui Patch: 0.6.35 CWE-95 9 ATLAS

HIGH EXPLOIT AVAIL

Open WebUI: XSS-to-RCE via malicious prompt injection

Code Execution Data Extraction Auth Bypass Framework Agent API

open-webui Patch: 0.6.35 CWE-79 7 ATLAS

HIGH EXPLOIT AVAIL

langgraph-checkpoint: Deserialization enables RCE

CVE-2025-64439

EPSS 1.1%

6mo ago

Code Execution Supply Chain Framework Agent

langgraph-checkpoint Patch: 3.0.0 CWE-502 3.1K 5 ATLAS

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial

AI Security Threat Feed

Weekly CISO Take + top threats

Latest AI Security Threats

Need deeper analysis?