AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

76

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 512 results — has patch
Severity CVE ID Summary CVSS EPSS Package Date
HIGH E CVE-2026-34954 praisonaiagents: SSRF leaks cloud IAM credentials 8.6 0.0% praisonaiagents Apr 1 HIGH E CVE-2026-34955 PraisonAI: sandbox escape via shell=True blocklist bypass 8.8 0.0% praisonai Apr 1 HIGH E CVE-2026-34936 PraisonAI: SSRF via api_base steals cloud IAM credentials 7.7 0.0% praisonai Apr 1 HIGH E CVE-2026-34937 PraisonAI: OS command injection via run_python() shell escape 7.8 0.0% praisonaiagents Apr 1 CRIT E CVE-2026-34938 praisonaiagents: sandbox bypass enables full host RCE 10.0 0.0% praisonaiagents Apr 1 HIGH E CVE-2026-34222 Open WebUI: access control bypass leaks Tool Valve API keys 7.7 0.0% open-webui Apr 1 MEDI E CVE-2026-34447 ONNX: symlink traversal reads host files via model loading 5.5 0.0% onnx Apr 1 MEDI CVE-2026-34446 ONNX: hardlink path traversal leaks sensitive files 4.7 0.0% onnx Apr 1 HIGH CVE-2026-34445 ONNX: property overwrite via crafted model file 8.6 0.2% onnx Apr 1 UNKN E CVE-2026-27489 ONNX: symlink path traversal allows arbitrary file read 0.1% onnx Mar 31 MEDI CVE-2026-34452 Anthropic SDK: TOCTOU symlink escape in async memory tool 0.0% anthropic Mar 31 MEDI CVE-2026-34451 anthropic-ai/sdk: memory tool path traversal escape 0.1% @anthropic-ai/sdk Mar 31 MEDI CVE-2026-34450 anthropic-sdk: insecure file perms expose agent memory 0.0% anthropic Mar 31 HIGH GHSA-m3mh-3mpg-37hw OpenClaw: .npmrc hijack enables RCE on plugin install 8.6 openclaw Mar 30 MEDI GHSA-68f8-9mhj-h2mp OpenClaw: HTTP scope bypass enables model enumeration openclaw Mar 30 HIGH GHSA-hr5v-j9h9-xjhg OpenClaw: sandbox escape via mediaUrl path traversal 7.7 openclaw Mar 30 CRIT E CVE-2025-15379 MLflow: RCE via unsanitized model dependency specs 10.0 0.2% mlflow Mar 30 CRIT E CVE-2025-15036 MLflow: path traversal enables sandbox escape, file overwrite 9.6 0.0% mlflow Mar 30 MEDI CVE-2026-35646 openclaw: webhook rate-limit bypass enables token brute-force 0.1% openclaw Mar 29 MEDI CVE-2026-35640 openclaw: unauthenticated webhook parsing enables DoS 0.1% openclaw Mar 29

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial