AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

76

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 512 results — has patch
Severity CVE ID Summary CVSS EPSS Package Date
MEDI GHSA-h2v7-xc88-xx8c openclaw: operator scope bypass in phone arm/disarm cmds openclaw Apr 7 MEDI E CVE-2026-33865 MLflow: stored XSS via MLmodel YAML artifact upload 0.0% mlflow Apr 7 MEDI E CVE-2026-1839 HuggingFace Transformers: RCE via malicious checkpoint load 6.5 0.0% transformers Apr 7 CRIT E CVE-2026-35615 PraisonAI: path traversal exposes full filesystem via agent tools 0.1% PraisonAI Apr 6 HIGH E CVE-2026-39308 PraisonAI: recipe registry path traversal file write 7.1 0.1% PraisonAI Apr 6 HIGH E CVE-2026-39306 PraisonAI: recipe path traversal allows arbitrary file write 7.3 0.1% PraisonAI Apr 6 CRIT E CVE-2026-39305 PraisonAI: path traversal enables arbitrary file write/RCE 9.0 0.1% PraisonAI Apr 6 HIGH E CVE-2026-39307 PraisonAI: Zip Slip enables arbitrary file write / RCE 8.1 0.1% PraisonAI Apr 6 MEDI CVE-2026-34425 OpenClaw: script preflight bypass enables unsafe exec 0.1% openclaw Apr 6 MEDI CVE-2026-35492 kedro-datasets: path traversal enables arbitrary file write 6.5 0.0% kedro-datasets Apr 6 HIGH CVE-2026-34511 OpenClaw: PKCE verifier leak enables OAuth token theft 0.0% openclaw Apr 4 HIGH E CVE-2026-35044 BentoML: malicious bento archive RCE via Jinja2 SSTI 8.8 0.0% bentoml Apr 3 HIGH E CVE-2026-35043 BentoML: cmd injection RCE on cloud build infra 7.8 0.0% bentoml Apr 3 CRIT CVE-2026-35030 LiteLLM: auth bypass via JWT cache key collision 9.1 0.1% litellm Apr 3 UNKN E CVE-2026-35029 LiteLLM: auth bypass allows RCE and full takeover 14.9% litellm Apr 3 MEDI CVE-2026-34755 vLLM: OOM DoS via unbounded video frame decoding 6.5 0.1% vllm Apr 3 MEDI CVE-2026-34753 vLLM: SSRF in batch API exposes cloud metadata endpoints 5.4 0.0% vllm Apr 3 MEDI CVE-2026-34756 vLLM: DoS via unbounded n parameter causes OOM crash 6.5 0.0% vllm Apr 3 MEDI GHSA-9q7v-8mr7-g23p OpenClaw: SSRF in marketplace fetch hits internal AI infra openclaw Apr 2 HIGH GHSA-q56x-g2fj-4rj6 onnx: TOCTOU symlink following enables arbitrary file write 7.1 onnx Apr 1

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial