AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

AI/ML CVEs tracked: 1,625
Critical: 226
New this week: 87
In CISA KEV: 16

Latest AI Security Threats

Showing 20 of 1625 results
| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| MEDI | CVE-2026-34052 | ltiauthenticator: OAuth nonce leak causes server DoS | 5.9 | 0.1% | | Apr 3 |
| MEDI | CVE-2026-33709 | JupyterHub: open redirect enables post-login phishing | | 0.0% | | Apr 3 |
| HIGH | CVE-2026-33175 | oauthenticator: auth bypass enables JupyterHub account takeover | 8.8 | 0.1% | | Apr 3 |
| CRIT E | CVE-2026-0545 | MLflow: auth bypass in job API enables unauthenticated RCE | 9.1 | 5.5% | mlflow | Apr 3 |
| MEDI | CVE-2026-34756 | vLLM: DoS via unbounded n parameter causes OOM crash | 6.5 | 0.0% | vllm | Apr 3 |
| HIGH | CVE-2026-35175 | Ajenti: missing authz lets any user install packages | | 0.0% | | Apr 3 |
| MEDI | GHSA-9q7v-8mr7-g23p | OpenClaw: SSRF in marketplace fetch hits internal AI infra | | | openclaw | Apr 2 |
| MEDI | CVE-2026-34760 | vLLM: audio downmix mismatch enables adversarial input | 5.9 | 0.1% | | Apr 2 |
| HIGH | GHSA-q56x-g2fj-4rj6 | onnx: TOCTOU symlink following enables arbitrary file write | 7.1 | | onnx | Apr 1 |
| HIGH E | CVE-2026-34954 | praisonaiagents: SSRF leaks cloud IAM credentials | 8.6 | 0.0% | praisonaiagents | Apr 1 |
| HIGH E | CVE-2026-34955 | PraisonAI: sandbox escape via shell=True blocklist bypass | 8.8 | 0.0% | praisonai | Apr 1 |
| HIGH E | CVE-2026-34936 | PraisonAI: SSRF via api_base steals cloud IAM credentials | 7.7 | 0.0% | praisonai | Apr 1 |
| HIGH E | CVE-2026-34937 | PraisonAI: OS command injection via run_python() shell escape | 7.8 | 0.0% | praisonaiagents | Apr 1 |
| CRIT E | CVE-2026-34938 | praisonaiagents: sandbox bypass enables full host RCE | 10.0 | 0.0% | praisonaiagents | Apr 1 |
| HIGH E | CVE-2026-34222 | Open WebUI: access control bypass leaks Tool Valve API keys | 7.7 | 0.0% | open-webui | Apr 1 |
| MEDI E | CVE-2026-34447 | ONNX: symlink traversal reads host files via model loading | 5.5 | 0.0% | onnx | Apr 1 |
| MEDI | CVE-2026-34446 | ONNX: hardlink path traversal leaks sensitive files | 4.7 | 0.0% | onnx | Apr 1 |
| HIGH | CVE-2026-34445 | ONNX: property overwrite via crafted model file | 8.6 | 0.2% | onnx | Apr 1 |
| UNKN E | CVE-2026-27489 | ONNX: symlink path traversal allows arbitrary file read | | 0.1% | onnx | Mar 31 |
| MEDI | CVE-2026-34452 | Anthropic SDK: TOCTOU symlink escape in async memory tool | | 0.0% | anthropic | Mar 31 |

Empty cells are values the feed did not show for that entry.
