AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,625 AI/ML CVEs Tracked
226 Critical
87 New This Week
16 In CISA KEV

Latest AI Security Threats

Showing 20 of 1625 results
| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| MEDI | GHSA-846p-hgpv-vphc | OpenClaw: path traversal → host file exfiltration via QQ Bot | | | openclaw | Apr 7 |
| MEDI | GHSA-m34q-h93w-vg5x | openclaw: path traversal enables remote dir overwrite | | | openclaw | Apr 7 |
| LOW | GHSA-fqrj-m88p-qf3v | OpenClaw: cross-account webhook event suppression | | | openclaw | Apr 7 |
| MEDI | GHSA-wwfp-w96m-c6x8 | OpenClaw: pairing DoS blocks account onboarding | | | openclaw | Apr 7 |
| MEDI | GHSA-h43v-27wg-5mf9 | OpenClaw: pre-auth signature bypass enables pairing DoS | | | openclaw | Apr 7 |
| MEDI | GHSA-wpc6-37g7-8q4w | OpenClaw: exec allowlist bypass via shell init-file options | | | openclaw | Apr 7 |
| MEDI | GHSA-42mx-vp8m-j7qh | openclaw: sandbox escape via mirror mode hook execution | | | openclaw | Apr 7 |
| LOW | GHSA-767m-xrhc-fxm7 | openclaw: operator.write escalates to admin Telegram config + cron | | | openclaw | Apr 7 |
| MEDI | GHSA-fwjq-xwfj-gv75 | openclaw: auth bypass exposes agent session visibility | | | openclaw | Apr 7 |
| MEDI | GHSA-3q42-xmxv-9vfr | openclaw: privilege escalation to admin voice config persistence | | | openclaw | Apr 7 |
| HIGH | GHSA-vfw7-6rhc-6xxg | openclaw: env var injection via workspace config | | | openclaw | Apr 7 |
| MEDI | GHSA-vjx8-8p7h-82gr | openclaw: SSRF in marketplace plugin download | | | openclaw | Apr 7 |
| MEDI | GHSA-4g5x-2jfc-xm98 | openclaw: media download bypass exhausts disk storage | | | openclaw | Apr 7 |
| MEDI | GHSA-h2v7-xc88-xx8c | openclaw: operator scope bypass in phone arm/disarm cmds | | | openclaw | Apr 7 |
| HIGH E | CVE-2026-35485 | text-generation-webui: unauthenticated path traversal file read | 7.5 | 0.4% | gradio | Apr 7 |
| MEDI E | CVE-2026-33866 | MLflow: auth bypass exposes model artifacts across experiments | | 0.0% | mlflow | Apr 7 |
| MEDI E | CVE-2026-33865 | MLflow: stored XSS via MLmodel YAML artifact upload | | 0.0% | mlflow | Apr 7 |
| MEDI E | CVE-2026-1839 | HuggingFace Transformers: RCE via malicious checkpoint load | 6.5 | 0.0% | transformers | Apr 7 |
| CRIT E | CVE-2026-35615 | PraisonAI: path traversal exposes full filesystem via agent tools | | 0.1% | PraisonAI | Apr 6 |
| HIGH E | CVE-2026-39308 | PraisonAI: recipe registry path traversal file write | 7.1 | 0.1% | PraisonAI | Apr 6 |
