AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

79

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 225 results — Critical severity
Severity CVE ID Summary CVSS EPSS Package Date
CRIT E CVE-2025-15036 MLflow: path traversal enables sandbox escape, file overwrite 9.6 0.0% mlflow Mar 30 CRIT CVE-2026-33749 n8n: stored XSS enables credential theft via workflow 9.0 0.0% n8n Mar 25 CRIT CVE-2026-33663 n8n: member role steals plaintext HTTP credentials 10.0 0.0% n8n Mar 25 CRIT CVE-2026-33660 TensorFlow: type confusion NPD in tensor conversion 10.0 0.1% n8n Mar 25 CRIT GHSA-5mg7-485q-xm76 litellm: supply chain attack harvests AI API credentials litellm Mar 25 CRIT CVE-2025-33244 NVIDIA: Deserialization enables RCE 9.0 0.1% Mar 24 CRIT E CVE-2026-33475 langflow: security flaw enables exploitation 9.1 0.1% langflow Mar 24 CRIT E CVE-2026-33309 langflow: Path Traversal enables file access 9.9 0.0% langflow Mar 24 CRIT CVE-2026-33017 langflow: Code Injection enables RCE 9.8 41.2% langflow Mar 20 CRIT E CVE-2025-15031 mlflow: Path Traversal enables file access 9.1 0.4% mlflow Mar 18 CRIT E CVE-2026-28500 onnx: Integrity Verification bypass enables tampering 9.1 0.0% onnx Mar 18 CRIT E CVE-2026-30741 OpenClaw: RCE via request-side prompt injection 9.8 0.4% openclaw Mar 11 CRIT E CVE-2026-27825 mcp-atlassian: Path Traversal enables file access 9.1 0.0% mcp-atlassian Mar 10 CRIT E CVE-2026-25960 vllm: SSRF allows internal network access 9.8 0.0% vllm Mar 9 CRIT E CVE-2026-30824 Flowise: auth bypass exposes NVIDIA NIM container endpoints 9.8 9.4% flowise Mar 7 CRIT E CVE-2026-30821 flowise: Arbitrary File Upload enables RCE 9.8 0.2% flowise Mar 7 CRIT CVE-2026-28451 OpenClaw: SSRF via Feishu extension exposes internal services 9.3 0.0% openclaw Mar 5 CRIT GHSA-g38g-8gr9-h9xp picklescan: Allowlist Bypass evades input filtering 9.8 picklescan Mar 3 CRIT GHSA-vvpj-8cmc-gx39 picklescan: security flaw enables exploitation 10.0 picklescan Mar 3 CRIT GHSA-7wx9-6375-f5wh picklescan: Allowlist Bypass evades input filtering 9.8 picklescan Mar 3

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial