AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604 AI/ML CVEs Tracked

225 Critical

77 New This Week

16 In CISA KEV

Latest AI Security Threats

Showing 20 of 570 results — Medium severity
MEDIUM

n8n: LDAP injection enables auth bypass in workflows

CVE-2026-33751
4.8
EPSS 0.0%
Auth Bypass Data Extraction Agent Framework
n8n Patch: 1.123.27 CWE-90 16 3 ATLAS
MEDIUM

n8n: secrets vault bypass exposes credentials to low-priv users

CVE-2026-33722
5.3
EPSS 0.0%
Auth Bypass Data Extraction Data Leakage Agent Framework API
n8n Patch: 1.123.23 CWE-863 16 5 ATLAS
MEDIUM

n8n: OAuth state forgery hijacks user credentials

CVE-2026-33720
4.2
EPSS 0.0%
Auth Bypass Social Engineering Data Extraction Agent Framework API
n8n Patch: 2.8.0 CWE-863 16 6 ATLAS
MEDIUM

n8n: uninitialized buffer leaks secrets via Task Runner

CVE-2026-27496
6.5
EPSS 0.0%
Data Leakage Data Extraction Agent Framework
n8n Patch: 1.123.22 CWE-908 16 4 ATLAS
MEDIUM EXPLOIT AVAIL

AI component: IDOR enables unauthorized data access

CVE-2026-30886
6.5
EPSS 0.0%
Data Leakage Code Execution API Model Inference
CWE-639 6 ATLAS
MEDIUM EXPLOIT AVAIL

AI component: Input Validation flaw enables exploitation

CVE-2026-4538
5.3
EPSS 0.0%
Model Poisoning Code Execution Framework RAG Model
CWE-20 5 ATLAS
MEDIUM

fickling: Allowlist Bypass evades input filtering

GHSA-5cxw-w2xg-2m8h
--
Supply Chain Data Extraction Code Execution Framework Model Training Data
fickling Patch: 0.1.10 CWE-184 57 5 ATLAS
MEDIUM

fickling: Allowlist Bypass evades input filtering

GHSA-r48f-3986-4f9c
--
Data Extraction Code Execution Auth Bypass Framework
fickling Patch: 0.1.10 CWE-184 57 5 ATLAS
MEDIUM

Greenshift: Info Disclosure leaks sensitive data

CVE-2026-2589
5.3
EPSS 0.0%
Data Extraction Data Leakage Supply Chain API RAG Plugin
CWE-200 9 ATLAS
MEDIUM

langgraph: Deserialization enables RCE

CVE-2026-28277
6.8
EPSS 0.3%
Code Execution Data Leakage Supply Chain Framework Agent
langgraph Patch: 1.0.10 CWE-502 3.1K 5 ATLAS
MEDIUM

gradio: Info Disclosure leaks sensitive data

CVE-2026-28415
4.7
EPSS 0.0%
Data Extraction Code Execution Auth Bypass Framework RAG API
gradio CWE-200 679 7 ATLAS
MEDIUM EXPLOIT AVAIL

gradio: Weak Credentials allow account compromise

CVE-2026-27167
5.9
EPSS 0.0%
Supply Chain Model Poisoning Code Execution Framework Agent API
gradio CWE-522 679 8 ATLAS
MEDIUM

n8n: XSS enables session hijacking

CVE-2026-27578
5.4
EPSS 0.0%
Prompt Injection Data Extraction Code Execution Agent RAG API
n8n CWE-79 16 10 ATLAS
MEDIUM

langgraph-checkpoint: Deserialization enables RCE

CVE-2026-27794
6.6
EPSS 0.4%
Code Execution Supply Chain Framework Agent
langgraph-checkpoint Patch: 4.0.0 CWE-502 3.1K 4 ATLAS
MEDIUM

LangChain: SSRF allows internal network access

CVE-2026-27795
4.1
EPSS 0.0%
Data Extraction Code Execution DoS Framework RAG Agent
CWE-918 7 ATLAS
MEDIUM

fickling: Allowlist Bypass evades input filtering

GHSA-mhc9-48gj-9gp3
--
Supply Chain Code Execution Framework Model
fickling Patch: 0.1.8 CWE-184 57 7 ATLAS
MEDIUM EXPLOIT AVAIL

ray: Missing Auth allows unauthenticated access

CVE-2026-27482
5.9
EPSS 0.1%
Auth Bypass DoS Framework Inference
ray Patch: 2.54.0 CWE-306 847 4 ATLAS
MEDIUM

OpenClaw: path traversal allows arbitrary file write

CVE-2026-26972
6.7
EPSS 0.0%
Code Execution Data Leakage Agent Plugin
openclaw CWE-22 4 3 ATLAS 1 incident
MEDIUM

OpenClaw: UI deception enables arbitrary command execution

CVE-2026-26320
6.5
EPSS 0.0%
Social Engineering Code Execution Agent
openclaw CWE-451 4 5 ATLAS 1 incident
MEDIUM

ffmpeg: security flaw enables exploitation

CVE-2025-12343
5.5
EPSS 0.0%
Code Execution Auth Bypass DoS Framework RAG Model
5 ATLAS
