AI Security Threat Feed
Latest CVEs and advisories affecting AI/ML systems, updated continuously. Sourced from NVD, the GitHub Advisory Database (GHSA IDs), and the CISA Known Exploited Vulnerabilities (KEV) catalog.
1,604 AI/ML CVEs tracked
225 Critical
76 New this week
16 In CISA KEV
Latest AI Security Threats
Showing 20 of 512 results (filter: has patch). A dash in the CVSS or EPSS column means no score is listed for that entry.

Severity  CVE ID               Summary                                                       CVSS  EPSS  Package                     Date
HIGH      GHSA-r39h-4c2p-3jxp  OpenClaw: RCE via malicious repo setup-api.js                 7.8   —     openclaw                    May 5
MEDIUM    GHSA-q8ff-7ffm-m3r9  openclaw: stale webhook secret survives credential rotation   6.0   —     openclaw                    May 5
CRITICAL  CVE-2026-42048       Langflow: path traversal allows arbitrary directory deletion  9.6   —     langflow                    May 5
MEDIUM    CVE-2026-40864       JupyterHub: CSRF bypass on spawn and share endpoints          5.4   —     jupyterhub                  May 5
MEDIUM    CVE-2026-40934       jupyter-server: auth cookie survives password reset           6.8   0.1%  jupyter-server              May 5
HIGH      CVE-2026-40110       Jupyter Server: CORS bypass via regex anchor omission         —     0.0%  jupyter-server              May 5
HIGH      CVE-2026-35397       Jupyter Server: path traversal leaks sibling directories      7.1   0.0%  jupyter-server              May 5
MEDIUM    CVE-2025-61669       jupyter-server: open redirect enables credential phishing     —     0.0%  jupyter-server              May 5
MEDIUM    CVE-2026-43570       OpenClaw: symlink traversal exposes host filesystem           6.5   0.1%  openclaw                    May 5
MEDIUM    GHSA-93rg-2xm5-2p9v  openclaw: auth bypass exposes Gateway bootstrap config        —     —     openclaw                    May 4
MEDIUM    GHSA-5h3g-6xhh-rg6p  openclaw: TOCTOU race allows out-of-sandbox file read         —     —     openclaw                    May 4
HIGH      GHSA-wppj-c6mr-83jj  openclaw: TOCTOU sandbox escape via symlink swap              —     —     openclaw                    May 4
MEDIUM    GHSA-x3h8-jrgh-p8jx  OpenClaw: exec allowlist bypass allows hidden shell code      —     —     openclaw                    May 4
HIGH      GHSA-r6xh-pqhr-v4xh  openclaw: MCP owner-context spoofing, privilege escalation    —     —     openclaw                    May 4
MEDIUM    GHSA-55cf-xx38-4p9p  OpenClaw: .env injection redirects connector endpoints        —     —     openclaw                    May 4
MEDIUM    GHSA-q3jj-46pq-826r  openclaw: ACP child session security envelope bypass          —     —     openclaw                    May 4
MEDIUM    GHSA-2hh7-c75g-qj2r  openclaw: SSRF bypass via Zalo plugin photo URLs              —     —     openclaw                    May 4
MEDIUM    CVE-2026-41358       OpenClaw: sender allowlist bypass via Slack thread context    5.4   0.0%  openclaw                    May 4
HIGH      CVE-2026-42449       n8n-mcp: SSRF bypass via IPv6 leaks API keys                  8.5   0.0%  n8n-mcp                     Apr 30
HIGH      CVE-2026-40171       Jupyter Notebook: stored XSS enables full account takeover    —     0.1%  @jupyterlab/help-extension  Apr 30
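The feed exports its rows as one run-on line (severity, ID, free-text summary, CVSS, EPSS, package, date) rather than a structured file, so anyone consuming it has to recover the columns first and then decide what to look at. The Python below is an added example, not code from this feed or from any of the listed projects: it parses rows in that run-on form, expands the abbreviated severity labels, and orders entries for triage, putting KEV entries first, then severity, and within a severity band scored entries before unscored ones so that a missing CVSS is never treated as a low CVSS. The seven-column layout, the en/em-dash no-value marker and the row regex are assumptions drawn from the table above; the sample rows are copied from that table, and the KEV set is left empty because the page does not say which of its 16 KEV entries are among these rows.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Severity labels as abbreviated in the feed, expanded to the usual names.
SEVERITY_LABEL = {"CRIT": "CRITICAL", "HIGH": "HIGH", "MEDI": "MEDIUM", "LOW": "LOW"}
SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}

# The feed marks a missing CVSS or EPSS value with a dash (U+2014); assumption.
NO_VALUE = "\u2014"

# One feed row in the assumed seven-column order. The summary can contain spaces
# and punctuation, so it is matched lazily and delimited by the CVSS/EPSS fields
# that follow it. A summary containing a token shaped like "1.0 2.0%" would be
# misparsed; none of the rows on the page do.
ROW_RE = re.compile(
    r"(?P<sev>CRIT|HIGH|MEDI|LOW)\s+"
    r"(?P<id>CVE-\d{4}-\d+|GHSA(?:-[a-z0-9]{4}){3})\s+"
    r"(?P<summary>.+?)\s+"
    r"(?P<cvss>\d+\.\d|\u2014)\s+"
    r"(?P<epss>\d+\.\d%|\u2014)\s+"
    r"(?P<package>\S+)\s+"
    r"(?P<date>[A-Z][a-z]{2} \d{1,2})"
)


@dataclass(frozen=True)
class Advisory:
    severity: str
    id: str
    summary: str
    cvss: Optional[float]      # None when the feed lists no score
    epss_pct: Optional[float]  # EPSS as a percentage, None when absent
    package: str
    date: str


def _score(field: str) -> Optional[float]:
    """Turn '7.8', '0.1%' or the no-value marker into a float or None."""
    if field == NO_VALUE:
        return None
    return float(field.rstrip("%"))


def parse_feed(text: str) -> list[Advisory]:
    """Extract every row from run-on feed text; text matching no row is skipped."""
    rows = []
    for m in ROW_RE.finditer(text):
        rows.append(Advisory(
            severity=SEVERITY_LABEL[m["sev"]],
            id=m["id"],
            summary=m["summary"],
            cvss=_score(m["cvss"]),
            epss_pct=_score(m["epss"]),
            package=m["package"],
            date=m["date"],
        ))
    return rows


def triage(rows: list[Advisory], kev: frozenset[str] = frozenset()) -> list[Advisory]:
    """Review order: KEV first, then severity, then scored before unscored within
    a band (a missing CVSS is not a low CVSS), then CVSS and EPSS descending."""
    def key(a: Advisory):
        return (
            0 if a.id in kev else 1,
            SEVERITY_RANK[a.severity],
            0 if a.cvss is not None else 1,
            -(a.cvss or 0.0),
            -(a.epss_pct or 0.0),
        )
    return sorted(rows, key=key)


def unscored(rows: list[Advisory]) -> list[str]:
    """IDs that still lack a CVSS score and need a manual rating before ranking."""
    return [a.id for a in rows if a.cvss is None]


# Rows copied from the feed table above, in the run-on form the page exports.
FEED_TEXT = (
    "HIGH GHSA-r39h-4c2p-3jxp OpenClaw: RCE via malicious repo setup-api.js 7.8 \u2014 openclaw May 5 "
    "MEDI GHSA-q8ff-7ffm-m3r9 openclaw: stale webhook secret survives credential rotation 6.0 \u2014 openclaw May 5 "
    "CRIT CVE-2026-42048 Langflow: path traversal allows arbitrary directory deletion 9.6 \u2014 langflow May 5 "
    "MEDI CVE-2026-40934 jupyter-server: auth cookie survives password reset 6.8 0.1% jupyter-server May 5 "
    "HIGH CVE-2026-40110 Jupyter Server: CORS bypass via regex anchor omission \u2014 0.0% jupyter-server May 5 "
    "MEDI GHSA-93rg-2xm5-2p9v openclaw: auth bypass exposes Gateway bootstrap config \u2014 \u2014 openclaw May 4 "
    "HIGH CVE-2026-40171 Jupyter Notebook: stored XSS enables full account takeover \u2014 0.1% @jupyterlab/help-extension Apr 30"
)

if __name__ == "__main__":
    rows = parse_feed(FEED_TEXT)
    # The page does not list KEV membership per row; pass the real KEV set here.
    for a in triage(rows, kev=frozenset()):
        print(f"{a.severity:<8} {a.id:<20} {str(a.cvss):>5} {a.package}")
    print("needs manual CVSS:", unscored(rows))
```

The ordering deliberately ranks an unscored HIGH below a scored HIGH rather than below every MEDIUM: several of the OpenClaw GHSA entries above carry no CVSS at all, and sorting them by a CVSS of zero would push a sandbox escape beneath a 5.4 CSRF. The `unscored` list is the work queue for assigning those ratings by hand.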