AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

76

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 512 results — has patch
Severity CVE ID Summary CVSS EPSS Package Date
HIGH GHSA-wccx-j62j-r448 fickling: Protection Bypass circumvents security controls fickling Mar 4 CRIT GHSA-g38g-8gr9-h9xp picklescan: Allowlist Bypass evades input filtering 9.8 picklescan Mar 3 CRIT GHSA-vvpj-8cmc-gx39 picklescan: security flaw enables exploitation 10.0 picklescan Mar 3 CRIT GHSA-7wx9-6375-f5wh picklescan: Allowlist Bypass evades input filtering 9.8 picklescan Mar 3 MEDI CVE-2026-27794 langgraph-checkpoint: Deserialization enables RCE 6.6 0.4% langgraph-checkpoint Feb 25 MEDI GHSA-mhc9-48gj-9gp3 fickling: Allowlist Bypass evades input filtering fickling Feb 25 HIGH GHSA-mxhj-88fx-4pcv fickling: security flaw enables exploitation fickling Feb 24 CRIT CVE-2026-2635 mlflow: security flaw enables exploitation 9.8 1.1% mlflow Feb 20 HIGH E CVE-2026-2033 mlflow: Path Traversal enables file access 8.1 14.7% mlflow Feb 20 MEDI E CVE-2026-27482 ray: Missing Auth allows unauthenticated access 5.9 0.1% ray Feb 20 LOW GHSA-83pf-v6qq-pwmr fickling: Allowlist Bypass evades input filtering fickling Feb 20 CRIT CVE-2026-26030 semantic-kernel: Code Injection enables RCE 10.0 0.1% semantic-kernel Feb 19 HIGH GHSA-97f8-7cmv-76j2 picklescan: Allowlist Bypass evades input filtering picklescan Feb 18 CRIT CVE-2026-25592 semantic-kernel: Path Traversal enables file access 9.9 0.1% semantic-kernel Feb 6 HIGH E CVE-2026-25580 pydantic-ai: SSRF allows internal network access 8.6 0.0% pydantic-ai-slim Feb 6 MEDI CVE-2026-25640 pydantic-ai: Path Traversal enables file access 5.4 0.0% pydantic-ai-slim Feb 6 HIGH CVE-2026-1777 sagemaker: security flaw enables exploitation 7.2 0.0% sagemaker Feb 2 MEDI CVE-2026-1778 sagemaker: security flaw enables exploitation 5.9 0.0% sagemaker Feb 2 MEDI GHSA-m7j5-r2p5-c39r picklescan: Deserialization enables RCE picklescan Feb 2 HIGH GHSA-9m3x-qqw2-h32h picklescan: Deserialization enables RCE picklescan Feb 2

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial