AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

AI/ML CVEs Tracked: 1,625

Critical: 230

New This Week: 87

In CISA KEV: 16

Latest AI Security Threats

Showing 20 of 569 results — Medium severity
| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| MEDI | CVE-2026-33751 | n8n: LDAP injection enables auth bypass in workflows | 4.8 | 0.0% | n8n | Mar 25 |
| MEDI | CVE-2026-33722 | n8n: secrets vault bypass exposes credentials to low-priv users | 5.3 | 0.0% | n8n | Mar 25 |
| MEDI | CVE-2026-33720 | n8n: OAuth state forgery hijacks user credentials | 4.2 | 0.0% | n8n | Mar 25 |
| MEDI | CVE-2026-27496 | n8n: uninitialized buffer leaks secrets via Task Runner | 6.5 | 0.0% | n8n | Mar 25 |
| MEDI E | CVE-2026-33401 | Wallos: SSRF allows internal network access | 6.5 | 0.0% | | Mar 24 |
| MEDI E | CVE-2026-30886 | AI component: IDOR enables unauthorized data access | 6.5 | 0.0% | | Mar 23 |
| MEDI | GHSA-5cxw-w2xg-2m8h | fickling: Allowlist Bypass evades input filtering | | | fickling | Mar 13 |
| MEDI | GHSA-r48f-3986-4f9c | fickling: Allowlist Bypass evades input filtering | | | fickling | Mar 13 |
| MEDI | CVE-2026-2589 | Greenshift: Info Disclosure leaks sensitive data | 5.3 | 0.0% | | Mar 6 |
| MEDI | CVE-2026-28277 | langgraph: Deserialization enables RCE | 6.8 | 0.3% | langgraph | Mar 5 |
| MEDI | CVE-2026-28415 | gradio: Info Disclosure leaks sensitive data | 4.7 | 0.0% | gradio | Feb 27 |
| MEDI E | CVE-2026-27167 | gradio: Weak Credentials allow account compromise | 5.9 | 0.0% | gradio | Feb 27 |
| MEDI | CVE-2026-27578 | n8n: XSS enables session hijacking | 5.4 | 0.0% | n8n | Feb 25 |
| MEDI | CVE-2026-27794 | langgraph-checkpoint: Deserialization enables RCE | 6.6 | 0.4% | langgraph-checkpoint | Feb 25 |
| MEDI | GHSA-mhc9-48gj-9gp3 | fickling: Allowlist Bypass evades input filtering | | | fickling | Feb 25 |
| MEDI E | CVE-2026-27482 | ray: Missing Auth allows unauthenticated access | 5.9 | 0.1% | ray | Feb 20 |
| MEDI | CVE-2026-26972 | OpenClaw: path traversal allows arbitrary file write | 6.7 | 0.0% | openclaw | Feb 20 |
| MEDI | CVE-2026-26320 | OpenClaw: UI deception enables arbitrary command execution | 6.5 | 0.0% | openclaw | Feb 19 |
| MEDI | CVE-2025-12343 | ffmpeg: security flaw enables exploitation | 5.5 | 0.0% | | Feb 18 |
| MEDI | CVE-2026-26019 | langchain_community: SSRF allows internal network access | 4.1 | 0.0% | langchain_community | Feb 11 |
