AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
- 1,625 AI/ML CVEs tracked
- 226 Critical
- 87 New this week
- 16 In CISA KEV
Latest AI Security Threats
Showing 20 of 1625 results

| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| Medium | GHSA-3fv3-6p2v-gxwj | openclaw: SSRF bypass in QQ Bot media fetch paths | — | — | openclaw | Apr 9 |
| Medium | GHSA-5h3f-885m-v22w | openclaw: WS sessions persist after gateway token rotation | — | — | openclaw | Apr 9 |
| Low | GHSA-25wv-8phj-8p7r | OpenClaw: auth rate-limit bypass via async race condition | — | — | openclaw | Apr 9 |
| High | GHSA-5wj5-87vq-39xm | openclaw: auth bypass enables exec escalation on reconnect | — | — | openclaw | Apr 9 |
| Medium | GHSA-vc32-h5mq-453v | OpenClaw: cross-channel allowlist write bypass | — | — | openclaw | Apr 9 |
| Medium | GHSA-68x5-xx89-w9mm | OpenClaw: stale auth closure bypasses gateway access control | — | — | openclaw | Apr 9 |
| Medium | GHSA-cmfr-9m2r-xwhq | OpenClaw: auth bypass enables persistent browser profile mutation | — | — | openclaw | Apr 9 |
| Medium | GHSA-whf9-3hcx-gq54 | OpenClaw: token rotation bypasses role approval | — | — | openclaw | Apr 9 |
| Medium | GHSA-qqq7-4hxc-x63c | openclaw: local file exfiltration via trusted MEDIA refs | — | — | openclaw | Apr 9 |
| Medium | GHSA-q2gc-xjqw-qp89 | OpenClaw: eval approval bypass enables unintended code exec | — | — | openclaw | Apr 9 |
| High | CVE-2026-39974 | n8n-MCP: SSRF exposes cloud metadata via MCP headers | 8.5 | 0.0% | — | Apr 9 |
| High | GHSA-7437-7hg8-frrw | OpenClaw: env var injection enables host RCE | — | — | openclaw | Apr 9 |
| High | GHSA-jf56-mccx-5f3f | OpenClaw: wake hook trust violation elevates to System prompt | — | — | openclaw | Apr 9 |
| High | GHSA-gfmx-pph7-g46x | openclaw: trust boundary bypass enables prompt injection | — | — | openclaw | Apr 9 |
| Critical | GHSA-2763-cj5r-c79m | PraisonAI: RCE via shell injection in agent workflows | 9.7 | — | PraisonAI | Apr 8 |
| Medium | GHSA-926x-3r5x-gfhw | LangChain: f-string template injection exposes object internals | 5.3 | — | langchain-core | Apr 8 |
| Critical | GHSA-2679-6mx9-h9xc | Marimo: pre-auth RCE via terminal WebSocket | — | — | marimo | Apr 8 |
| Medium E | CVE-2026-5803 | openai-realtime-ui: SSRF in API proxy endpoint | 6.3 | 0.1% | — | Apr 8 |
| High | GHSA-4ggg-h7ph-26qr | n8n-mcp: authenticated SSRF leaks cloud metadata | 8.5 | — | n8n-mcp | Apr 8 |
| Medium | GHSA-766v-q9x3-g744 | praisonaiagents: agent context leak + path traversal | 6.5 | — | praisonaiagents | Apr 8 |