AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

76

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited

Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 684 results — High severity

Severity CVE ID Summary CVSS EPSS Package Date

HIGH GHSA-7jp6-r74r-995q openclaw: auth bypass lets write-scope callers mutate admin config — — openclaw Apr 17 HIGH GHSA-736r-jwj6-4w23 openclaw: sandbox escape via host=node exec routing bypass — — openclaw Apr 17 HIGH GHSA-939r-rj45-g2rj openclaw: untrusted plugin auto-enabled during onboarding — — openclaw Apr 17 HIGH GHSA-525j-hqq2-66r4 openclaw: CDP relay exposes browser DevTools on 0.0.0.0 — — openclaw Apr 17 HIGH GHSA-82qx-6vj7-p8m2 openclaw: trust bypass loads untrusted workspace plugins — — openclaw Apr 17 HIGH GHSA-vfp4-8x56-j7c5 OpenClaw: Exec environment denylist missed... — — openclaw Apr 17 HIGH GHSA-vw3h-q6xq-jjm5 OpenClaw: Voice-call realtime WebSocket accepted... — — openclaw Apr 17 HIGH GHSA-8372-7vhw-cm6q OpenClaw: config.get redaction bypass through... — — openclaw Apr 17 HIGH GHSA-5fw2-mwhh-9947 Flowise: Unauthenticated TTS endpoint accepts... — — flowise Apr 17 HIGH GHSA-w47f-j8rh-wx87 Flowise: Public chatflow endpoints return... — — flowise Apr 17 HIGH GHSA-3prp-9gf7-4rxx Flowise: Mass Assignment in DocumentStore Create... — — flowise Apr 17 HIGH GHSA-gqqj-85qm-8qhf paperclipai: connector trust bypass enables Gmail read/write 8.7 — paperclipai Apr 16 HIGH GHSA-w8hx-hqjv-vjcq Paperclip: RCE via workspace runtime command injection 7.3 — @paperclipai/server Apr 16 HIGH GHSA-f6hc-c5jr-878p Flowise: auth bypass enables account takeover via null token — — flowise Apr 16 HIGH GHSA-28g4-38q8-3cwc Flowise: Cypher injection allows full Neo4j DB wipe — — flowise-components Apr 16 HIGH GHSA-x5w6-38gp-mrqh Flowise: HTTP reset link exposes tokens to MITM takeover — — flowise Apr 16 HIGH GHSA-6f7g-v4pp-r667 Flowise: OAuth token theft via unauthenticated endpoint — — flowise Apr 16 HIGH GHSA-6r77-hqx7-7vw8 FlowiseAI: SSRF via prompt injection in API Chain 7.1 — flowise-components Apr 16 HIGH GHSA-2x8m-83vc-6wv4 Flowise: SSRF bypass exposes internal services 7.1 — flowise-components Apr 16 HIGH GHSA-xhmj-rg95-44hv Flowise: SSRF bypass exposes cloud IAM credentials 7.1 — flowise-components Apr 16

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial