AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked
Critical
New This Week
In CISA KEV
Latest AI Security Threats
Showing 20 of 1625 resultsFlowise: Mass Assignment allows cross-tenant org takeover
GHSA-48m6-ch88-55mj Flowise CSVAgent: RCE via Python code injection
GHSA-9wc7-mj3f-74xv Flowise: prompt injection RCE via AirtableAgent
GHSA-f228-chmx-v6j6 Flowise: SSRF bypass enables cloud metadata access
GHSA-9hrv-gvrv-6gf2 Flowise: SSRF bypass enables cloud credential theft
GHSA-qqvm-66q4-vf5c Flowise: path traversal allows arbitrary file write via vector store
GHSA-w6v6-49gh-mc9w Flowise: hardcoded default key enables JWT token forgery
GHSA-m7mq-85xj-9x33 Flowise: hardcoded session secret enables auth bypass
GHSA-2qqc-p94c-hxwh Flowise: hardcoded JWT defaults enable full auth bypass
GHSA-cc4f-hjpj-g9p8 Flowise: unauthenticated SSO config exposes OAuth secrets
GHSA-6pcv-j4jx-m4vx openclaw: TOCTOU race bypasses exec script preflight
GHSA-gj9q-8w99-mp8j Flowise: RCE via MCP stdio command injection
CVE-2026-40933 LangChain-ChatChat: RCE via unauthenticated MCP interface
CVE-2026-30617 OpenAI Codex CLI: RCE via malicious MCP config files
CVE-2025-61260 mcp-ssh: argument injection enables LLM-driven local RCE
GHSA-p4h8-56qp-hpgv Keras: safe_mode bypass allows RCE via model deserialization
CVE-2026-1462 n8n-mcp: unauthenticated HTTP endpoints enable DoS + recon
GHSA-75hx-xj24-mqrw langsmith: prototype pollution enables auth bypass, RCE
CVE-2026-40190 rembg: path traversal exposes arbitrary files via HTTP API
CVE-2026-40086 PraisonAI: auth bypass enables browser session hijack
GHSA-8x8f-54wf-vv92 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial