AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

79

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 225 results — Critical severity
Severity CVE ID Summary CVSS EPSS Package Date
CRIT GHSA-8x8f-54wf-vv92 PraisonAI: auth bypass enables browser session hijack 9.1 PraisonAI Apr 10 CRIT GHSA-vc46-vw85-3wvm PraisonAI: RCE via malicious workflow YAML execution 9.8 PraisonAI Apr 10 CRIT E CVE-2026-40157 PraisonAI: path traversal allows arbitrary file write via recipe unpack 0.1% PraisonAI Apr 10 CRIT E CVE-2026-40154 PraisonAI: supply chain RCE via unverified template exec 9.3 0.0% PraisonAI Apr 10 CRIT E CVE-2026-1115 lollms: Stored XSS enables wormable account takeover 9.6 0.0% lollms Apr 10 CRIT E CVE-2026-40111 PraisonAI: RCE via shell injection in memory hooks executor 0.0% praisonaiagents Apr 9 CRIT GHSA-2763-cj5r-c79m PraisonAI: RCE via shell injection in agent workflows 9.7 PraisonAI Apr 8 CRIT GHSA-2679-6mx9-h9xc Marimo: pre-auth RCE via terminal WebSocket marimo Apr 8 CRIT CVE-2026-39888 praisonaiagents: sandbox escape enables host RCE 10.0 0.1% praisonaiagents Apr 8 CRIT E CVE-2026-39890 PraisonAI: YAML deserialization enables unauthenticated RCE 9.8 0.5% praisonai Apr 8 CRIT E CVE-2026-35615 PraisonAI: path traversal exposes full filesystem via agent tools 0.1% PraisonAI Apr 6 CRIT E CVE-2026-39305 PraisonAI: path traversal enables arbitrary file write/RCE 9.0 0.1% PraisonAI Apr 6 CRIT E CVE-2026-35022 Claude Code: OS command injection, credential theft 9.8 0.5% Apr 6 CRIT E CVE-2026-35216 Budibase: Unauthenticated RCE as root via webhook 9.1 0.6% Apr 4 CRIT CVE-2026-35030 LiteLLM: auth bypass via JWT cache key collision 9.1 0.1% litellm Apr 3 CRIT E CVE-2026-0545 MLflow: auth bypass in job API enables unauthenticated RCE 9.1 5.5% mlflow Apr 3 CRIT E CVE-2026-34938 praisonaiagents: sandbox bypass enables full host RCE 10.0 0.0% praisonaiagents Apr 1 CRIT E CVE-2026-0596 MLflow: command injection via model_uri in mlserver mode 9.6 0.2% Mar 31 CRIT GHSA-955r-262c-33jc telnyx: PyPI supply chain attack steals cloud creds Mar 30 CRIT E CVE-2025-15379 MLflow: RCE via unsanitized model dependency specs 10.0 0.2% mlflow Mar 30

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial