AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

AI/ML CVEs Tracked: 1,604
Critical: 225
New This Week: 76
In CISA KEV: 16

Latest AI Security Threats

Showing 20 of 512 results — has patch
| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| MEDI | CVE-2026-33720 | n8n: OAuth state forgery hijacks user credentials | 4.2 | 0.0% | n8n | Mar 25 |
| HIGH | CVE-2026-33713 | n8n: SQLi in Data Table node, full DB compromise | 8.8 | 0.0% | n8n | Mar 25 |
| HIGH | CVE-2026-33696 | n8n: Prototype pollution enables RCE via workflow nodes | 8.8 | 0.2% | n8n | Mar 25 |
| HIGH | CVE-2026-33665 | n8n: LDAP email match enables permanent account takeover | 8.2 | 0.0% | n8n | Mar 25 |
| CRIT | CVE-2026-33663 | n8n: member role steals plaintext HTTP credentials | 10.0 | 0.0% | n8n | Mar 25 |
| CRIT | CVE-2026-33660 | TensorFlow: type confusion NPD in tensor conversion | 10.0 | 0.1% | n8n | Mar 25 |
| MEDI | CVE-2026-27496 | n8n: uninitialized buffer leaks secrets via Task Runner | 6.5 | 0.0% | n8n | Mar 25 |
| HIGH E | CVE-2026-33497 | langflow: Path Traversal enables file access | 7.5 | 0.0% | langflow | Mar 24 |
| CRIT E | CVE-2026-33309 | langflow: Path Traversal enables file access | 9.9 | 0.0% | langflow | Mar 24 |
| CRIT E | CVE-2025-15031 | mlflow: Path Traversal enables file access | 9.1 | 0.4% | mlflow | Mar 18 |
| HIGH E | CVE-2025-14287 | mlflow: Code Injection enables RCE | 7.5 | 0.3% | mlflow | Mar 16 |
| MEDI | GHSA-5cxw-w2xg-2m8h | fickling: Allowlist Bypass evades input filtering | | | fickling | Mar 13 |
| MEDI | GHSA-r48f-3986-4f9c | fickling: Allowlist Bypass evades input filtering | | | fickling | Mar 13 |
| HIGH E | CVE-2026-31829 | Flowise: SSRF via HTTP Node exposes internal network | 8.8 | 0.1% | flowise-components | Mar 10 |
| CRIT E | CVE-2026-27825 | mcp-atlassian: Path Traversal enables file access | 9.1 | 0.0% | mcp-atlassian | Mar 10 |
| HIGH E | CVE-2026-27826 | mcp-atlassian: SSRF allows internal network access | 8.2 | 0.1% | mcp-atlassian | Mar 10 |
| HIGH | GHSA-5r2p-pjr8-7fh7 | sagemaker: Allowlist Bypass evades input filtering | | | sagemaker | Mar 5 |
| MEDI | CVE-2026-28277 | langgraph: Deserialization enables RCE | 6.8 | 0.3% | langgraph | Mar 5 |
| HIGH | CVE-2026-25048 | xgrammar: security flaw enables exploitation | | 0.1% | xgrammar | Mar 5 |
| HIGH | GHSA-5hwf-rc88-82xm | fickling: Allowlist Bypass evades input filtering | | | fickling | Mar 4 |
