AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,624

AI/ML CVEs Tracked

226

Critical

New This Week

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited

Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 1624 results

HIGH

n8n: SSH MitM enables malicious workflow injection

Supply Chain Auth Bypass Agent Framework

n8n Patch: 2.5.0 CWE-639 16 4 ATLAS

MEDIUM

n8n: secrets vault bypass exposes credentials to low-priv users

Auth Bypass Data Extraction Data Leakage Agent Framework API

n8n Patch: 1.123.23 CWE-863 16 5 ATLAS

MEDIUM

n8n: OAuth state forgery hijacks user credentials

Auth Bypass Social Engineering Data Extraction Agent Framework API

n8n Patch: 2.8.0 CWE-863 16 6 ATLAS

HIGH

n8n: SQLi in Data Table node, full DB compromise

Code Execution Data Extraction Data Leakage Agent Framework Plugin

n8n Patch: 1.123.26 CWE-89 16 6 ATLAS

HIGH

n8n: Prototype pollution enables RCE via workflow nodes

Code Execution Supply Chain Agent Framework Plugin

n8n Patch: 2.14.1 CWE-1321 16 7 ATLAS

HIGH

n8n: LDAP email match enables permanent account takeover

Auth Bypass Code Execution Data Extraction Agent Framework

n8n Patch: 2.4.0 CWE-287 16 5 ATLAS

CRITICAL

n8n: member role steals plaintext HTTP credentials

Auth Bypass Data Extraction Data Leakage Agent Framework API

n8n Patch: 1.123.27 CWE-639 16 6 ATLAS

CRITICAL

TensorFlow: type confusion NPD in tensor conversion

Code Execution DoS Framework Inference

n8n Patch: 2.14.1 CWE-94 16 3 ATLAS

MEDIUM

n8n: uninitialized buffer leaks secrets via Task Runner

Data Leakage Data Extraction Agent Framework

n8n Patch: 1.123.22 CWE-908 16 4 ATLAS

CRITICAL

litellm: supply chain attack harvests AI API credentials

GHSA-5mg7-485q-xm76

1mo ago

Supply Chain Data Extraction Code Execution Framework API Agent

litellm CWE-506 4 8 ATLAS

CRITICAL

NVIDIA: Deserialization enables RCE

Code Execution Supply Chain Data Extraction Framework Training Data

CWE-502 5 ATLAS

UNKNOWN EXPLOIT AVAIL

Wallos: SSRF allows internal network access

CVE-2026-33401

EPSS 0.0%

1mo ago

Data Extraction Auth Bypass Privacy Violation Inference API

CWE-918 4 ATLAS

HIGH EXPLOIT AVAIL

langflow: Path Traversal enables file access

Data Extraction Auth Bypass Framework Agent

langflow Patch: 1.7.1 CWE-22 5 ATLAS

HIGH EXPLOIT AVAIL

langflow: Access Control bypass enables privilege escalation

Auth Bypass Data Extraction Privacy Violation Framework API

langflow CWE-284 5 ATLAS

CRITICAL EXPLOIT AVAIL

langflow: security flaw enables exploitation

Supply Chain Code Execution Data Extraction Framework Agent

langflow CWE-74 5 ATLAS

CRITICAL EXPLOIT AVAIL

langflow: Path Traversal enables file access

Code Execution Auth Bypass Supply Chain Framework Agent Plugin

langflow Patch: 1.9.0 CWE-22 8 ATLAS

MEDIUM EXPLOIT AVAIL

AI component: IDOR enables unauthorized data access

Data Leakage Code Execution API Model Inference

CWE-639 6 ATLAS

MEDIUM EXPLOIT AVAIL

AI component: Input Validation flaw enables exploitation

Model Poisoning Code Execution Framework RAG Model

CWE-20 5 ATLAS

HIGH

langflow: IDOR enables unauthorized data access

Supply Chain Code Execution DoS Framework Agent API

langflow CWE-639 5 ATLAS

CRITICAL KEV

langflow: Code Injection enables RCE

Model Poisoning Code Execution Framework Agent API

langflow CWE-95 6 ATLAS

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial

AI Security Threat Feed

Weekly CISO Take + top threats

Latest AI Security Threats

Need deeper analysis?