AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

79

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 910 results — Active exploitation
Severity CVE ID Summary CVSS EPSS Package Date
HIGH E CVE-2026-33744 BentoML: command injection in bentofile.yaml containerize 7.8 0.0% bentoml Mar 27 UNKN E CVE-2026-33401 Wallos: SSRF allows internal network access 0.0% Mar 24 HIGH E CVE-2026-33497 langflow: Path Traversal enables file access 7.5 0.0% langflow Mar 24 HIGH E CVE-2026-33484 langflow: Access Control bypass enables privilege escalation 7.5 0.0% langflow Mar 24 CRIT E CVE-2026-33475 langflow: security flaw enables exploitation 9.1 0.1% langflow Mar 24 CRIT E CVE-2026-33309 langflow: Path Traversal enables file access 9.9 0.0% langflow Mar 24 MEDI E CVE-2026-30886 AI component: IDOR enables unauthorized data access 6.5 0.0% Mar 23 MEDI E CVE-2026-4538 AI component: Input Validation flaw enables exploitation 5.3 0.0% Mar 22 CRIT CVE-2026-33017 langflow: Code Injection enables RCE 9.8 41.2% langflow Mar 20 HIGH E CVE-2026-33236 nltk: Path Traversal enables file access 8.1 0.0% Mar 19 CRIT E CVE-2025-15031 mlflow: Path Traversal enables file access 9.1 0.4% mlflow Mar 18 HIGH E CVE-2026-33155 deepdiff: DoS causes service disruption 0.1% Mar 18 CRIT E CVE-2026-28500 onnx: Integrity Verification bypass enables tampering 9.1 0.0% onnx Mar 18 HIGH E CVE-2025-14287 mlflow: Code Injection enables RCE 7.5 0.3% mlflow Mar 16 CRIT E CVE-2026-30741 OpenClaw: RCE via request-side prompt injection 9.8 0.4% openclaw Mar 11 HIGH E CVE-2026-31829 Flowise: SSRF via HTTP Node exposes internal network 8.8 0.1% flowise-components Mar 10 CRIT E CVE-2026-27825 mcp-atlassian: Path Traversal enables file access 9.1 0.0% mcp-atlassian Mar 10 HIGH E CVE-2026-27826 mcp-atlassian: SSRF allows internal network access 8.2 0.1% mcp-atlassian Mar 10 CRIT E CVE-2026-25960 vllm: SSRF allows internal network access 9.8 0.0% vllm Mar 9 CRIT E CVE-2026-30824 Flowise: auth bypass exposes NVIDIA NIM container endpoints 9.8 9.4% flowise Mar 7

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial