AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604 AI/ML CVEs tracked | 225 critical | 78 new this week | 16 in CISA KEV

Latest AI Security Threats

Showing 20 of 570 results (Medium severity). Each entry lists: severity badge, title, advisory ID, CVSS score, EPSS probability, impact/component tags, affected package, first fixed version where the feed names one, CWE, and ATLAS mapping count.
MEDIUM  langchain_community: SSRF allows internal network access
  CVE-2026-26019 | CVSS 4.1 | EPSS 0.0%
  Tags: Data Extraction, Framework, RAG, Agent
  Package: langchain_community | CWE-918 (Server-Side Request Forgery) | 2.6K | 8 ATLAS

MEDIUM  n8n: Input Validation flaw enables exploitation
  CVE-2026-25631 | CVSS 6.5 | EPSS 0.0%
  Tags: Code Execution, Social Engineering, Agent, RAG, API
  Package: n8n | CWE-20 (Improper Input Validation) | 16 | 7 ATLAS

MEDIUM  pydantic-ai: Path Traversal enables file access
  CVE-2026-25640 | CVSS 5.4 | EPSS 0.0%
  Tags: Code Execution, Data Extraction, Framework, Agent
  Package: pydantic-ai-slim | Patch: 1.51.0 | CWE-22 (Path Traversal) | 416 | 5 ATLAS

MEDIUM, EXPLOIT AVAILABLE  OpenClaw: path traversal enables arbitrary file read
  CVE-2026-25475 | CVSS 6.5 | EPSS 0.1%
  Tags: Data Extraction, Privacy Violation, Supply Chain, Agent, Plugin
  Package: openclaw | CWE-22 (Path Traversal) | 4 | 5 ATLAS | 1 incident

MEDIUM  n8n: XSS enables session hijacking
  CVE-2026-25054 | CVSS 5.4 | EPSS 0.0%
  Tags: Auth Bypass, Code Execution, Data Extraction, Agent, Framework, API
  Package: n8n | CWE-79 (Cross-Site Scripting) | 16 | 7 ATLAS

MEDIUM  n8n: XSS enables session hijacking
  CVE-2026-25051 | CVSS 5.4 | EPSS 0.0%
  Tags: Code Execution, Auth Bypass, Data Extraction, Agent, Framework, API
  Package: n8n | CWE-79 (Cross-Site Scripting) | 16 | 6 ATLAS

MEDIUM  sagemaker: improper certificate validation enables exploitation
  CVE-2026-1778 | CVSS 5.9 | EPSS 0.0%
  Tags: Supply Chain, Code Execution, Inference, Framework
  Package: sagemaker | Patch: 3.1.1 | CWE-295 (Improper Certificate Validation) | 51 | 5 ATLAS

MEDIUM  picklescan: Deserialization enables RCE
  GHSA-m7j5-r2p5-c39r | CVSS -- | EPSS not given
  Tags: Supply Chain, DoS, Code Execution, Framework, Model, Training Data
  Package: picklescan | Patch: 1.0.1 | CWE-502 (Deserialization of Untrusted Data) | 3 | 4 ATLAS

MEDIUM, EXPLOIT AVAILABLE  llama-index-core: DoS causes service disruption
  CVE-2025-6208 | CVSS 5.3 | EPSS 0.0%
  Tags: DoS, Framework, RAG
  Package: llama-index-core | Patch: 0.12.41 | CWE-400 (Uncontrolled Resource Consumption) | 1.1K | 4 ATLAS

MEDIUM  agentos-taskweaver: Protection Bypass circumvents security controls
  GHSA-gpx9-96j6-pp87 | CVSS 6.5 | EPSS not given
  Tags: Prompt Injection, Code Execution, Auth Bypass, Agent, Framework, Plugin
  Package: not listed | CWE-693 (Protection Mechanism Failure) | 6 ATLAS

MEDIUM, EXPLOIT AVAILABLE  bentoml: Path Traversal enables file access
  CVE-2026-24123 | CVSS 6.5 | EPSS 0.0%
  Tags: Supply Chain, Data Extraction, Framework, Inference
  Package: bentoml | CWE-22 (Path Traversal) | 23 | 8 ATLAS

MEDIUM  chainlit: IDOR enables unauthorized data access
  CVE-2025-68492 | CVSS 4.2 | EPSS 0.0%
  Tags: Auth Bypass, Data Leakage, Framework, Agent
  Package: chainlit | Patch: 2.8.5 | CWE-639 (Authorization Bypass Through User-Controlled Key) | 39 | 7 ATLAS

MEDIUM  n8n: externally controlled format string enables exploitation
  CVE-2025-68949 | CVSS 5.3 | EPSS 0.0%
  Tags: Auth Bypass, Code Execution, Agent, Framework
  Package: n8n | CWE-134 (Use of Externally-Controlled Format String) | 16 | 4 ATLAS

MEDIUM, EXPLOIT AVAILABLE  BetterDocs: Info Disclosure leaks sensitive data
  CVE-2025-14980 | CVSS 6.5 | EPSS 0.0%
  Tags: Data Leakage, Data Extraction, Auth Bypass, API, Plugin
  Package: not listed | CWE-200 (Exposure of Sensitive Information) | 7 ATLAS

MEDIUM  n8n: authentication bypass by spoofing enables exploitation
  CVE-2026-21894 | CVSS 6.5 | EPSS 0.0%
  Tags: Auth Bypass, Code Execution, Agent, Framework
  Package: n8n | CWE-290 (Authentication Bypass by Spoofing) | 16 | 6 ATLAS

MEDIUM, EXPLOIT AVAILABLE  monai: Path Traversal enables file access
  CVE-2026-21851 | CVSS 5.3 | EPSS 0.0%
  Tags: Supply Chain, Code Execution, Framework
  Package: monai | Patch: 1.5.2 | CWE-22 (Path Traversal) | 105 | 4 ATLAS

MEDIUM, EXPLOIT AVAILABLE  AI component: Missing Auth allows unauthorized operations
  CVE-2025-14371 | CVSS 4.3 | EPSS 0.0%
  Tags: Auth Bypass, Plugin, API
  Package: not listed | CWE-862 (Missing Authorization) | 4 ATLAS

MEDIUM  picklescan: Code Injection enables RCE
  GHSA-6556-fwc2-fg2p | CVSS -- | EPSS not given
  Tags: Supply Chain, Code Execution, Framework, Model
  Package: picklescan | Patch: 0.0.33 | CWE-94 (Code Injection) | 3 | 6 ATLAS

MEDIUM  picklescan: Code Injection enables RCE
  GHSA-cffc-mxrf-mhh4 | CVSS -- | EPSS not given
  Tags: Supply Chain, Code Execution, Framework, Model
  Package: picklescan | Patch: 0.0.33 | CWE-94 (Code Injection) | 3 | 5 ATLAS

MEDIUM  n8n: improper privilege management enables exploitation
  CVE-2025-68697 | CVSS 5.4 | EPSS 0.0%
  Tags: Code Execution, Data Extraction, Data Leakage, Agent, Framework
  Package: n8n | CWE-269 (Improper Privilege Management) | 16 | 7 ATLAS
