AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
1,625 AI/ML CVEs Tracked
226 Critical
87 New This Week
16 In CISA KEV
Latest AI Security Threats
Showing 20 of 1625 results

| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| HIGH | GHSA-48m6-ch88-55mj | Flowise: Mass Assignment allows cross-tenant org takeover | 8.1 | — | flowise | Apr 16 |
| CRIT | GHSA-9wc7-mj3f-74xv | Flowise CSVAgent: RCE via Python code injection | — | — | flowise-components | Apr 16 |
| HIGH | GHSA-f228-chmx-v6j6 | Flowise: prompt injection RCE via AirtableAgent | 8.3 | — | flowise-components | Apr 16 |
| MEDI | GHSA-9hrv-gvrv-6gf2 | Flowise: SSRF bypass enables cloud metadata access | — | — | flowise-components | Apr 16 |
| MEDI | GHSA-qqvm-66q4-vf5c | Flowise: SSRF bypass enables cloud credential theft | — | — | flowise-components | Apr 16 |
| MEDI | GHSA-w6v6-49gh-mc9w | Flowise: path traversal allows arbitrary file write via vector store | — | — | flowise-components | Apr 16 |
| MEDI | GHSA-m7mq-85xj-9x33 | Flowise: hardcoded default key enables JWT token forgery | 5.6 | — | flowise | Apr 16 |
| MEDI | GHSA-2qqc-p94c-hxwh | Flowise: hardcoded session secret enables auth bypass | 5.6 | — | flowise | Apr 16 |
| MEDI | GHSA-cc4f-hjpj-g9p8 | Flowise: hardcoded JWT defaults enable full auth bypass | 5.6 | — | flowise | Apr 16 |
| MEDI | GHSA-6pcv-j4jx-m4vx | Flowise: unauthenticated SSO config exposes OAuth secrets | 5.3 | — | flowise | Apr 16 |
| LOW | GHSA-gj9q-8w99-mp8j | openclaw: TOCTOU race bypasses exec script preflight | — | — | openclaw | Apr 16 |
| CRIT E | CVE-2026-40933 | Flowise: RCE via MCP stdio command injection | 9.9 | 0.0% | flowise-components | Apr 16 |
| HIGH | CVE-2026-30617 | LangChain-ChatChat: RCE via unauthenticated MCP interface | 8.6 | 0.2% | — | Apr 15 |
| CRIT E | CVE-2025-61260 | OpenAI Codex CLI: RCE via malicious MCP config files | 9.8 | 0.1% | @openai/codex | Apr 14 |
| HIGH | GHSA-p4h8-56qp-hpgv | mcp-ssh: argument injection enables LLM-driven local RCE | — | — | — | Apr 14 |
| HIGH E | CVE-2026-1462 | Keras: safe_mode bypass allows RCE via model deserialization | 8.8 | 0.1% | keras | Apr 13 |
| HIGH | GHSA-75hx-xj24-mqrw | n8n-mcp: unauthenticated HTTP endpoints enable DoS + recon | 8.2 | — | n8n-mcp | Apr 10 |
| MEDI E | CVE-2026-40190 | langsmith: prototype pollution enables auth bypass, RCE | 5.6 | 0.1% | langsmith | Apr 10 |
| MEDI E | CVE-2026-40086 | rembg: path traversal exposes arbitrary files via HTTP API | 5.3 | 0.1% | rembg | Apr 10 |
| CRIT | GHSA-8x8f-54wf-vv92 | PraisonAI: auth bypass enables browser session hijack | 9.1 | — | PraisonAI | Apr 10 |