AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
1,625
AI/ML CVEs Tracked
226
Critical
87
New This Week
16
In CISA KEV
Latest AI Security Threats
Showing 20 of 1625 results Severity CVE ID Summary CVSS EPSS Package Date
HIGH GHSA-8372-7vhw-cm6q openclaw: config redaction bypass exposes provider API keys — — openclaw Apr 17 MEDI GHSA-jwrq-8g5x-5fhm openclaw: auth context reuse enables privilege escalation — — openclaw Apr 17 HIGH GHSA-5fw2-mwhh-9947 Flowise: unauth TTS endpoint exposes stored AI API keys — — flowise Apr 17 HIGH GHSA-w47f-j8rh-wx87 Flowise: credential exposure via public chatflow API — — flowise Apr 17 HIGH GHSA-3prp-9gf7-4rxx Flowise: Mass assignment enables cross-tenant store takeover — — flowise Apr 17 MEDI GHSA-92jp-89mq-4374 openclaw: auth bypass exposes sandbox browser session — — openclaw Apr 17 LOW GHSA-r7w7-9xr2-qq2r langchain-openai: SSRF DNS rebinding, blind network probe 3.1 — langchain-openai Apr 16 MEDI GHSA-fv5p-p927-qmxr langchain-text-splitters: SSRF bypass exposes cloud metadata 6.5 — langchain-text-splitters Apr 16 HIGH GHSA-gqqj-85qm-8qhf paperclipai: connector trust bypass enables Gmail read/write 8.7 — paperclipai Apr 16 HIGH GHSA-w8hx-hqjv-vjcq Paperclip: RCE via workspace runtime command injection 7.3 — @paperclipai/server Apr 16 HIGH GHSA-f6hc-c5jr-878p Flowise: auth bypass enables account takeover via null token — — flowise Apr 16 HIGH GHSA-28g4-38q8-3cwc Flowise: Cypher injection allows full Neo4j DB wipe — — flowise-components Apr 16 HIGH GHSA-x5w6-38gp-mrqh Flowise: HTTP reset link exposes tokens to MITM takeover — — flowise Apr 16 HIGH GHSA-6f7g-v4pp-r667 Flowise: OAuth token theft via unauthenticated endpoint — — flowise Apr 16 HIGH GHSA-6r77-hqx7-7vw8 FlowiseAI: SSRF via prompt injection in API Chain 7.1 — flowise-components Apr 16 HIGH GHSA-2x8m-83vc-6wv4 Flowise: SSRF bypass exposes internal services 7.1 — flowise-components Apr 16 HIGH GHSA-xhmj-rg95-44hv Flowise: SSRF bypass exposes cloud IAM credentials 7.1 — flowise-components Apr 16 HIGH GHSA-rh7v-6w34-w2rr Flowise: MIME bypass enables persistent Node.js web shell RCE 7.1 — flowise Apr 16 HIGH GHSA-cvrr-qhgw-2mm6 Flowise: unauthenticated RCE via FILE-STORAGE bypass 7.7 — flowise-components Apr 16 HIGH GHSA-4jpm-cgx2-8h37 Flowise: unauth API exposes plaintext API keys and tokens — — flowise Apr 16 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial