AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
Latest AI Security Threats
Showing 20 of 1625 results
Flowise: prompt injection bypasses Python sandbox RCE (GHSA-v38x-c887-992f)
OpenClaw: path traversal in memory_get reads arbitrary workspace files (GHSA-f934-5rqf-xx47)
openclaw: path traversal leaks files and NTLM credentials (GHSA-mr34-9552-qr95)
OpenClaw: auth bypass enables unauthenticated command exec (GHSA-xh72-v6v9-mwhc)
OpenClaw: auth bypass lets DM senders run room commands (GHSA-2gvc-4f3c-2855)
OpenClaw: stale bearer token survives SecretRef rotation (GHSA-xmxx-7p24-h892)
PraisonAI: SQL injection across 9 DB backends (GHSA-rg3h-x3jw-7jm5)
PraisonAI: RCE via MCP command injection (GHSA-9qhq-v63v-fv3j)
Claude Code: config hijack via unprotected ProgramData dir (CVE-2026-35603)
openclaw: CDP SSRF enables internal host pivot (GHSA-f7fh-qg34-x2xh)
OpenClaw: auth bypass leaks host files via media path (GHSA-jhpv-5j76-m56h)
openclaw: path traversal exposes host files via media tags (GHSA-66r7-m7xm-v49h)
openclaw: exec approval bypass via opaque multi-call binaries (GHSA-2cq5-mf3v-mx44)
openclaw: auth bypass lets write-scope callers mutate admin config (GHSA-7jp6-r74r-995q)
openclaw: sandbox escape via host=node exec routing bypass (GHSA-736r-jwj6-4w23)
openclaw: SSRF bypass via browser navigation guard gap (GHSA-536q-mj95-h29h)
openclaw: CDP pivot bypasses file:// navigation guards (GHSA-qmwg-qprg-3j38)
openclaw: untrusted plugin auto-enabled during onboarding (GHSA-939r-rj45-g2rj)
openclaw: SSRF bypass in existing browser session routes (GHSA-527m-976r-jf79)
openclaw: SSRF policy bypass in browser tab actions (GHSA-rj2p-j66c-mgqh)