AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

AI/ML CVEs Tracked: 1,625
Critical: 226
New This Week: 95
In CISA KEV: 16

Latest AI Security Threats

Showing 20 of 1625 results
| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| MEDI | CVE-2026-34451 | anthropic-ai/sdk: memory tool path traversal escape | | 0.1% | @anthropic-ai/sdk | Mar 31 |
| MEDI | CVE-2026-34450 | anthropic-sdk: insecure file perms expose agent memory | | 0.0% | anthropic | Mar 31 |
| UNKN | CVE-2026-22561 | Claude Setup: DLL search-order hijacking LPE | | 0.0% | | Mar 31 |
| CRIT E | CVE-2026-0596 | MLflow: command injection via model_uri in mlserver mode | 9.6 | 0.2% | | Mar 31 |
| UNKN | CVE-2026-4399 | 1millionbot Millie: Boolean prompt injection bypasses restrictions | | 0.1% | | Mar 31 |
| CRIT | GHSA-955r-262c-33jc | telnyx: PyPI supply chain attack steals cloud creds | | | | Mar 30 |
| HIGH | GHSA-m3mh-3mpg-37hw | OpenClaw: .npmrc hijack enables RCE on plugin install | 8.6 | | openclaw | Mar 30 |
| MEDI | GHSA-68f8-9mhj-h2mp | OpenClaw: HTTP scope bypass enables model enumeration | | | openclaw | Mar 30 |
| HIGH | GHSA-hr5v-j9h9-xjhg | OpenClaw: sandbox escape via mediaUrl path traversal | 7.7 | | openclaw | Mar 30 |
| HIGH E | CVE-2026-29872 | awesome-llm-apps MCP Agent: cross-session credential theft | 8.2 | 0.1% | | Mar 30 |
| UNKN | CVE-2026-2287 | CrewAI: Docker sandbox fallback enables RCE | | 0.1% | | Mar 30 |
| UNKN | CVE-2026-2286 | CrewAI: SSRF via unvalidated RAG tool URLs exposes internal services | | 0.1% | | Mar 30 |
| UNKN | CVE-2026-2285 | CrewAI: arbitrary file read via JSON loader tool | | 0.2% | | Mar 30 |
| UNKN E | CVE-2026-2275 | CrewAI: RCE via Docker fallback in CodeInterpreter | | 0.0% | | Mar 30 |
| CRIT E | CVE-2025-15379 | MLflow: RCE via unsanitized model dependency specs | 10.0 | 0.2% | mlflow | Mar 30 |
| CRIT E | CVE-2025-15036 | MLflow: path traversal enables sandbox escape, file overwrite | 9.6 | 0.0% | mlflow | Mar 30 |
| MEDI | CVE-2026-35646 | openclaw: webhook rate-limit bypass enables token brute-force | | 0.1% | openclaw | Mar 29 |
| MEDI | CVE-2026-35640 | openclaw: unauthenticated webhook parsing enables DoS | | 0.1% | openclaw | Mar 29 |
| HIGH | CVE-2026-35629 | openclaw: SSRF in channel extensions hits internal network | | 0.0% | openclaw | Mar 29 |
| MEDI | CVE-2026-35657 | openclaw: auth bypass exposes agent session history via HTTP | | 0.0% | openclaw | Mar 29 |

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.