AI Security Threat Feed

Latest CVEs and GitHub Security Advisories (GHSA) affecting AI/ML systems, updated continuously. Sourced from NVD, the GitHub Advisory Database, and the CISA Known Exploited Vulnerabilities (KEV) catalog. CVSS and EPSS columns are blank where the upstream source has not yet published a score.

1,625  AI/ML CVEs tracked
230    Critical
87     New this week
16     In CISA KEV

Latest AI Security Threats

Showing 20 of 1,625 results

| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| CRIT | GHSA-v38x-c887-992f | Flowise: prompt injection bypasses Python sandbox RCE | | | flowise-components | Apr 18 |
| MEDI | GHSA-f934-5rqf-xx47 | OpenClaw: path traversal in memory_get reads arbitrary workspace files | | | openclaw | Apr 17 |
| HIGH | GHSA-mr34-9552-qr95 | openclaw: path traversal leaks files and NTLM credentials | | | openclaw | Apr 17 |
| CRIT | GHSA-xh72-v6v9-mwhc | OpenClaw: auth bypass enables unauthenticated command exec | | | openclaw | Apr 17 |
| HIGH | GHSA-2gvc-4f3c-2855 | OpenClaw: auth bypass lets DM senders run room commands | | | openclaw | Apr 17 |
| HIGH | GHSA-xmxx-7p24-h892 | OpenClaw: stale bearer token survives SecretRef rotation | | | openclaw | Apr 17 |
| HIGH | GHSA-rg3h-x3jw-7jm5 | PraisonAI: SQL injection across 9 DB backends | 8.1 | | praisonaiagents | Apr 17 |
| CRIT | GHSA-9qhq-v63v-fv3j | PraisonAI: RCE via MCP command injection | 9.8 | | praisonai | Apr 17 |
| MEDI | CVE-2026-35603 | Claude Code: config hijack via unprotected ProgramData dir | | 0.0% | @anthropic-ai/claude-code | Apr 17 |
| MEDI | GHSA-f7fh-qg34-x2xh | openclaw: CDP SSRF enables internal host pivot | | | openclaw | Apr 17 |
| MEDI | GHSA-jhpv-5j76-m56h | OpenClaw: auth bypass leaks host files via media path | | | openclaw | Apr 17 |
| HIGH | GHSA-66r7-m7xm-v49h | openclaw: path traversal exposes host files via media tags | | | openclaw | Apr 17 |
| HIGH | GHSA-2cq5-mf3v-mx44 | openclaw: exec approval bypass via opaque multi-call binaries | | | openclaw | Apr 17 |
| HIGH | GHSA-7jp6-r74r-995q | openclaw: auth bypass lets write-scope callers mutate admin config | | | openclaw | Apr 17 |
| HIGH | GHSA-736r-jwj6-4w23 | openclaw: sandbox escape via host=node exec routing bypass | | | openclaw | Apr 17 |
| MEDI | GHSA-536q-mj95-h29h | openclaw: SSRF bypass via browser navigation guard gap | | | openclaw | Apr 17 |
| MEDI | GHSA-qmwg-qprg-3j38 | openclaw: CDP pivot bypasses file:// navigation guards | | | openclaw | Apr 17 |
| HIGH | GHSA-939r-rj45-g2rj | openclaw: untrusted plugin auto-enabled during onboarding | | | openclaw | Apr 17 |
| MEDI | GHSA-527m-976r-jf79 | openclaw: SSRF bypass in existing browser session routes | | | openclaw | Apr 17 |
| MEDI | GHSA-rj2p-j66c-mgqh | openclaw: SSRF policy bypass in browser tab actions | | | openclaw | Apr 17 |

Need deeper analysis?

A Pro subscription adds MITRE ATLAS technique mappings, compliance reports (ISO/IEC 42001, EU AI Act), breaking alerts, and full CISO-level analysis for each entry.
