AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked: 1,604
Critical: 225
New This Week: 79
In CISA KEV: 16
Latest AI Security Threats
Showing 20 of 910 results — Active exploitation

| Severity | | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|---|
| UNKN | E | CVE-2026-30823 | Flowise: IDOR enables account takeover and SSO bypass | — | 0.0% | flowise | Mar 7 |
| UNKN | E | CVE-2026-30822 | Flowise: mass assignment allows unauthenticated DB injection | — | 0.3% | flowise | Mar 7 |
| CRIT | E | CVE-2026-30821 | flowise: Arbitrary File Upload enables RCE | 9.8 | 0.2% | flowise | Mar 7 |
| HIGH | E | CVE-2026-30820 | Flowise: header spoof auth bypass exposes admin API & creds | 8.8 | 0.1% | flowise | Mar 7 |
| HIGH | E | CVE-2026-27905 | bentoml: security flaw enables exploitation | 7.8 | 0.0% | bentoml | Mar 3 |
| HIGH | E | CVE-2026-28416 | gradio: SSRF allows internal network access | 8.6 | 0.0% | gradio | Feb 27 |
| HIGH | E | CVE-2026-28414 | gradio: security flaw enables exploitation | 7.5 | 3.2% | gradio | Feb 27 |
| MEDI | E | CVE-2026-27167 | gradio: Weak Credentials allow account compromise | 5.9 | 0.0% | gradio | Feb 27 |
| CRIT | E | CVE-2026-27966 | langflow: Code Injection enables RCE | 9.8 | 36.6% | langflow | Feb 26 |
| MEDI | E | CVE-2026-27482 | ray: Missing Auth allows unauthenticated access | 5.9 | 0.1% | ray | Feb 20 |
| HIGH | E | CVE-2026-26286 | sillytavern: SSRF allows internal network access | 8.5 | 0.0% | — | Feb 19 |
| LOW | E | CVE-2026-24764 | OpenClaw: indirect prompt injection via Slack metadata | 3.7 | 0.0% | openclaw | Feb 19 |
| CRIT | E | CVE-2026-2654 | smolagents: SSRF allows internal network access | 9.8 | 0.0% | smolagents | Feb 18 |
| HIGH | E | CVE-2026-25580 | pydantic-ai: SSRF allows internal network access | 8.6 | 0.0% | pydantic-ai-slim | Feb 6 |
| MEDI | E | CVE-2026-25475 | OpenClaw: path traversal enables arbitrary file read | 6.5 | 0.1% | openclaw | Feb 4 |
| CRIT | E | CVE-2026-25481 | langroid: Code Injection enables RCE | — | 0.0% | — | Feb 2 |
| HIGH | E | CVE-2026-1117 | lollms: Access Control bypass enables privilege escalation | 8.2 | 0.1% | lollms | Feb 2 |
| MEDI | E | CVE-2025-6208 | llama-index-core: DoS causes service disruption | 5.3 | 0.0% | llama-index-core | Feb 2 |
| HIGH | E | CVE-2026-0599 | text-generation: DoS causes service disruption | 7.5 | 0.3% | — | Feb 2 |
| HIGH | E | CVE-2025-10279 | mlflow: security flaw enables exploitation | 7.0 | 0.0% | mlflow | Feb 2 |