AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
Latest AI Security Threats
Showing 20 of 512 results (filter: has patch)

OpenClaw: RCE via malicious repo setup-api.js (GHSA-r39h-4c2p-3jxp)
openclaw: stale webhook secret survives credential rotation (GHSA-q8ff-7ffm-m3r9)
Langflow: path traversal allows arbitrary directory deletion (CVE-2026-42048)
JupyterHub: CSRF bypass on spawn and share endpoints (CVE-2026-40864)
jupyter-server: auth cookie survives password reset (CVE-2026-40934)
Jupyter Server: CORS bypass via regex anchor omission (CVE-2026-40110)
Jupyter Server: path traversal leaks sibling directories (CVE-2026-35397)
jupyter-server: open redirect enables credential phishing (CVE-2025-61669)
OpenClaw: symlink traversal exposes host filesystem (CVE-2026-43570)
openclaw: auth bypass exposes Gateway bootstrap config (GHSA-93rg-2xm5-2p9v)
openclaw: TOCTOU race allows out-of-sandbox file read (GHSA-5h3g-6xhh-rg6p)
openclaw: TOCTOU sandbox escape via symlink swap (GHSA-wppj-c6mr-83jj)
OpenClaw: exec allowlist bypass allows hidden shell code (GHSA-x3h8-jrgh-p8jx)
openclaw: MCP owner-context spoofing, privilege escalation (GHSA-r6xh-pqhr-v4xh)
OpenClaw: .env injection redirects connector endpoints (GHSA-55cf-xx38-4p9p)
openclaw: ACP child session security envelope bypass (GHSA-q3jj-46pq-826r)
openclaw: SSRF bypass via Zalo plugin photo URLs (GHSA-2hh7-c75g-qj2r)
OpenClaw: sender allowlist bypass via Slack thread context (CVE-2026-41358)
n8n-mcp: SSRF bypass via IPv6 leaks API keys (CVE-2026-42449)
Jupyter Notebook: stored XSS enables full account takeover (CVE-2026-40171)