AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

76

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 199 results — High severity, has patch
HIGH

OpenClaw: QQBot media tags could read arbitrary local files through reply text

GHSA-66r7-m7xm-v49h
--
openclaw Patch: 2026.4.10 CWE-22 4
HIGH

OpenClaw: busybox and toybox applet execution weakened exec approval binding

GHSA-2cq5-mf3v-mx44
--
openclaw Patch: 2026.4.12 CWE-863 4
HIGH

OpenClaw: Matrix profile config persistence was reachable from operator.write message tools

GHSA-7jp6-r74r-995q
--
openclaw Patch: 2026.4.10 CWE-266 4
HIGH

OpenClaw: Sandboxed agents could escape exec routing via host=node override

GHSA-736r-jwj6-4w23
--
openclaw Patch: 2026.4.10 CWE-863 4
HIGH

OpenClaw: Workspace provider auth choices could auto-enable untrusted provider plugins

GHSA-939r-rj45-g2rj
--
openclaw Patch: 2026.4.9 CWE-829 4
HIGH

OpenClaw: Sandbox browser CDP relay could expose DevTools protocol on 0.0.0.0

GHSA-525j-hqq2-66r4
--
openclaw Patch: 2026.4.10 CWE-284 4
HIGH

OpenClaw: Channel setup catalog lookups could include untrusted workspace plugin shadows

GHSA-82qx-6vj7-p8m2
--
openclaw Patch: 2026.4.10 CWE-862 4
HIGH

OpenClaw: Exec environment denylist missed high-risk interpreter startup variables

GHSA-vfp4-8x56-j7c5
--
openclaw Patch: 2026.4.10 CWE-184 4
HIGH

OpenClaw: Voice-call realtime WebSocket accepted oversized frames

GHSA-vw3h-q6xq-jjm5
--
openclaw Patch: 2026.4.10 CWE-400 4
HIGH

OpenClaw: config.get redaction bypass through sourceConfig and runtimeConfig aliases

GHSA-8372-7vhw-cm6q
--
openclaw Patch: 2026.4.14 CWE-212 4
HIGH

Flowise: Unauthenticated TTS endpoint accepts arbitrary credential IDs — enables API credit abuse via stored credentials

GHSA-5fw2-mwhh-9947
--
flowise Patch: 3.1.0 CWE-639
HIGH

Flowise: Public chatflow endpoints return unsanitized flowData including plaintext API keys, passwords, and credential IDs

GHSA-w47f-j8rh-wx87
--
flowise Patch: 3.1.0
HIGH

Flowise: Mass Assignment in DocumentStore Create Endpoint Leads to Cross-Workspace Object Takeover (IDOR)

GHSA-3prp-9gf7-4rxx
--
flowise Patch: 3.1.0 CWE-284
HIGH

Paperclip: RCE via workspace runtime command injection

GHSA-w8hx-hqjv-vjcq
7.3
Code Execution Data Extraction Supply Chain Agent Plugin Framework
@paperclipai/server Patch: 2026.416.0 CWE-77 3.7K 8 ATLAS
HIGH

Flowise: auth bypass enables account takeover via null token

GHSA-f6hc-c5jr-878p
--
Auth Bypass Data Extraction Agent Framework
flowise Patch: 3.1.0 CWE-287 4 ATLAS
HIGH

Flowise: Cypher injection allows full Neo4j DB wipe

GHSA-28g4-38q8-3cwc
--
Data Extraction Code Execution Data Leakage Agent Framework Plugin
flowise-components Patch: 3.1.0 CWE-943 5 ATLAS
HIGH

Flowise: HTTP reset link exposes tokens to MITM takeover

GHSA-x5w6-38gp-mrqh
--
Auth Bypass Data Extraction Agent Framework
flowise Patch: 3.1.0 CWE-319 4 ATLAS
HIGH

Flowise: OAuth token theft via unauthenticated endpoint

GHSA-6f7g-v4pp-r667
--
Auth Bypass Data Extraction Privacy Violation Agent Framework API
flowise Patch: 3.1.0 CWE-306 6 ATLAS
HIGH

FlowiseAI: SSRF via prompt injection in API Chain

GHSA-6r77-hqx7-7vw8
7.1
Prompt Injection Data Extraction Agent Framework
flowise-components Patch: 3.1.0 CWE-918 5 ATLAS
HIGH

Flowise: SSRF bypass exposes internal services

GHSA-2x8m-83vc-6wv4
7.1
Auth Bypass Data Extraction Agent Framework Plugin
flowise-components Patch: 3.1.0 CWE-367 5 ATLAS

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial