AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

76

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited

Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 512 results — has patch

Severity CVE ID Summary CVSS EPSS Package Date

MEDI GHSA-fh32-73r9-rgh5 OpenClaw: CDP host bypass exposes localhost browser state — — openclaw Apr 7 MEDI GHSA-w6wx-jq6j-6mcj openclaw: script swap bypasses pnpm dlx approval — — openclaw Apr 7 MEDI GHSA-98ch-45wp-ch47 OpenClaw: approval bypass via env key normalization gap — — openclaw Apr 7 MEDI GHSA-2f7j-rp58-mr42 OpenClaw: info disclosure exposes host filesystem paths — — openclaw Apr 7 MEDI GHSA-2qrv-rc5x-2g2h OpenClaw: untrusted plugin RCE via workspace channel setup — — openclaw Apr 7 MEDI GHSA-5hff-46vh-rxmw OpenClaw: read-only scope bypass kills agent sessions — — openclaw Apr 7 MEDI GHSA-4p4f-fc8q-84m3 openclaw: iOS bridge bypass enables unauthorized agent runs — — openclaw Apr 7 MEDI GHSA-846p-hgpv-vphc OpenClaw: path traversal → host file exfiltration via QQ Bot — — openclaw Apr 7 MEDI GHSA-m34q-h93w-vg5x openclaw: path traversal enables remote dir overwrite — — openclaw Apr 7 LOW GHSA-fqrj-m88p-qf3v OpenClaw: cross-account webhook event suppression — — openclaw Apr 7 MEDI GHSA-wwfp-w96m-c6x8 OpenClaw: pairing DoS blocks account onboarding — — openclaw Apr 7 MEDI GHSA-h43v-27wg-5mf9 OpenClaw: pre-auth signature bypass enables pairing DoS — — openclaw Apr 7 MEDI GHSA-wpc6-37g7-8q4w OpenClaw: exec allowlist bypass via shell init-file options — — openclaw Apr 7 MEDI GHSA-42mx-vp8m-j7qh openclaw: sandbox escape via mirror mode hook execution — — openclaw Apr 7 LOW GHSA-767m-xrhc-fxm7 openclaw: operator.write escalates to admin Telegram config + cron — — openclaw Apr 7 MEDI GHSA-fwjq-xwfj-gv75 openclaw: auth bypass exposes agent session visibility — — openclaw Apr 7 MEDI GHSA-3q42-xmxv-9vfr openclaw: privilege escalation to admin voice config persistence — — openclaw Apr 7 HIGH GHSA-vfw7-6rhc-6xxg openclaw: env var injection via workspace config — — openclaw Apr 7 MEDI GHSA-vjx8-8p7h-82gr openclaw: SSRF in marketplace plugin download — — openclaw Apr 7 MEDI GHSA-4g5x-2jfc-xm98 openclaw: media download bypass exhausts disk storage — — openclaw Apr 7

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial