AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

AI/ML CVEs tracked: 1,140
Critical: 171
New this week: 228
In CISA KEV: 2


Latest AI Security Threats

Showing 50 of 1140 results
| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| UNKN | CVE-2026-0768 | Langflow code Code Injection Remote Code... | | | langflow | Jan 23 |
| UNKN | CVE-2025-15063 | Ollama MCP Server execAsync Command Injection... | | | | Jan 23 |
| HIGH | CVE-2025-65098 | Typebot is an open-source chatbot builder. In... | 7.4 | | | Jan 22 |
| CRIT | CVE-2026-22807 | vLLM is an inference and serving engine for large... | 9.8 | 0.0% | vllm | Jan 21 |
| HIGH | CVE-2026-21852 | Claude Code is an agentic coding tool. Prior to... | 7.5 | | claude_code | Jan 21 |
| HIGH | CVE-2025-66960 | An issue in ollama v.0.12.10 allows a remote... | 7.5 | | ollama | Jan 21 |
| HIGH | CVE-2025-66959 | An issue in ollama v.0.12.10 allows a remote... | 7.5 | | ollama | Jan 21 |
| HIGH | CVE-2025-33233 | NVIDIA Merlin Transformers4Rec for all platforms... | 7.8 | | | Jan 20 |
| HIGH | CVE-2026-22219 | Chainlit contain a server-side request forgery... | 7.7 | 0.0% | chainlit | Jan 20 |
| CRIT | CVE-2026-0863 | Using string formatting and exception handling,... | 9.9 | | n8n | Jan 18 |
| HIGH | CVE-2026-0897 | Google Keras Allocates Resources Without Limits... | | 0.0% | keras | Jan 15 |
| MEDI | CVE-2025-68492 | Chainlit contains an authorization bypass... | 4.2 | 0.0% | chainlit | Jan 14 |
| MEDI | CVE-2025-68949 | n8n is an open source workflow automation... | 5.3 | | n8n | Jan 13 |
| HIGH | CVE-2025-15514 | Ollama 0.11.5-rc0 through current version 0.13.5... | 7.5 | | ollama | Jan 12 |
| HIGH | CVE-2024-58340 | LangChain versions up to and including 0.3.1... | 7.5 | | langchain | Jan 12 |
| HIGH | CVE-2024-58339 | LlamaIndex (run-llama/llama_index) versions up to... | 7.5 | | llamaindex | Jan 12 |
| HIGH | CVE-2024-14021 | LlamaIndex (run-llama/llama_index) versions up to... | 7.8 | | llamaindex | Jan 12 |
| HIGH | CVE-2026-22033 | Label Studio is vulnerable to full account... | | 0.0% | label-studio | Jan 12 |
| HIGH | CVE-2025-14279 | MLFlow versions up to and including 3.4.0 are... | 8.1 | 0.0% | mlflow | Jan 12 |
| HIGH | CVE-2026-22773 | vLLM is an inference and serving engine for large... | 7.5 | 0.0% | vllm | Jan 10 |
| HIGH | CVE-2026-22612 | Fickling vulnerable to detection bypass due to... | | 0.1% | fickling | Jan 9 |
| HIGH | CVE-2026-22609 | Fickling has Static Analysis Bypass via... | | 0.1% | fickling | Jan 9 |
| HIGH | CVE-2026-22608 | Fickling vulnerable to use of ctypes and pydoc... | | 0.0% | fickling | Jan 9 |
| HIGH | CVE-2026-22607 | Fickling Blocklist Bypass: cProfile.run() | | 0.1% | fickling | Jan 9 |
| HIGH | CVE-2026-22606 | Fickling has a bypass via runpy.run_path() and... | | 0.1% | fickling | Jan 9 |
| MEDI | CVE-2025-14980 | The BetterDocs plugin for WordPress is vulnerable... | 6.5 | | | Jan 9 |
| HIGH | GHSA-mcmc-2m55-j8jj | vLLM introduced enhanced protection for... | 8.8 | | vllm | Jan 8 |
| HIGH | GHSA-9726-w42j-3qjr | picklescan has Arbitrary file read using... | | | picklescan | Jan 8 |
| MEDI | CVE-2026-21894 | n8n is an open source workflow automation... | 6.5 | | n8n | Jan 8 |
| CRIT | CVE-2026-21877 | n8n is an open source workflow automation... | 9.9 | | n8n | Jan 8 |
| CRIT | CVE-2026-21858 | n8n is an open source workflow automation... | 10.0 | | n8n | Jan 8 |
| MEDI | CVE-2026-21851 | MONAI has Path Traversal (Zip Slip) in NGC... | 5.3 | 0.0% | monai | Jan 6 |
| MEDI | CVE-2025-14371 | The Tag, Category, and Taxonomy Manager – AI... | 4.3 | | | Jan 6 |
| HIGH | CVE-2026-0621 | Anthropic's MCP TypeScript SDK versions up to and... | 7.5 | | | Jan 5 |
| CRIT | CVE-2026-21445 | Langflow is a tool for building and deploying... | 9.1 | 0.1% | langflow | Jan 2 |
| HIGH | GHSA-46h3-79wf-xr6c | Picklescan is vulnerable to RCE via missing... | | | picklescan | Dec 30 |
| HIGH | GHSA-955r-x9j8-7rhh | Picklescan is vulnerable to RCE via missing... | | | picklescan | Dec 30 |
| MEDI | GHSA-6556-fwc2-fg2p | Picklescan is vulnerable to RCE through missing... | | | picklescan | Dec 30 |
| HIGH | GHSA-rrxm-2pvv-m66x | Picklescan is vulnerable to RCE via missing... | | | picklescan | Dec 30 |
| MEDI | GHSA-cffc-mxrf-mhh4 | Picklescan is vulnerable to RCE via missing... | | | picklescan | Dec 29 |
| HIGH | GHSA-3329-ghmp-jmv5 | Picklescan is vulnerable to RCE through missing... | | | picklescan | Dec 29 |
| HIGH | GHSA-x843-g5mx-g377 | Picklescan is vulnerable to RCE through missing... | | | picklescan | Dec 29 |
| HIGH | GHSA-r8g5-cgf2-4m4m | Picklescan missing detection when calling... | | | picklescan | Dec 29 |
| HIGH | GHSA-hgrh-qx5j-jfwx | Picklescan Bypasses Unsafe Globals Check using... | 8.8 | | picklescan | Dec 29 |
| HIGH | GHSA-vqmv-47xg-9wpr | Picklescan missing detection when calling... | | | picklescan | Dec 29 |
| HIGH | GHSA-84r2-jw7c-4r5q | Picklescan has Incomplete List of Disallowed... | | | picklescan | Dec 29 |
| HIGH | GHSA-4675-36f9-wf6r | Picklescan does not block ctypes | | | picklescan | Dec 29 |
| HIGH | GHSA-m273-6v24-x4m4 | Picklescan vulnerable to Arbitrary File Writing | | | picklescan | Dec 29 |
| MEDI | CVE-2025-68697 | n8n is an open source workflow automation... | 5.4 | | n8n | Dec 26 |
| CRIT | CVE-2025-68668 | n8n is an open source workflow automation... | 9.9 | | n8n | Dec 26 |
