AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked
Critical
New This Week
In CISA KEV
Latest AI Security Threats
Showing 20 of 220 results — Medium severity, has patchpraisonaiagents: glob traversal leaks filesystem metadata
CVE-2026-40152 PraisonAI: unauthenticated agent config and system prompt disclosure
CVE-2026-40151 PraisonAI: unbounded body read enables local DoS
CVE-2026-40115 OpenClaw: SSRF via web-fetch enables internal network pivot
CVE-2026-6011 PraisonAI: arbitrary file read via unguarded skill tool
CVE-2026-40117 openclaw: base64 pre-alloc bypass causes resource exhaustion
GHSA-ccx3-fw7q-rr2r openclaw: no integrity check on ClawHub plugin installs
GHSA-3vvq-q2qc-7rmp openclaw: env var injection enables host exec hijacking
GHSA-w9j9-w4cp-6wgr OpenClaw: SSRF bypass via Playwright redirect handling
GHSA-w8g9-x8gx-crmm OpenClaw: SSRF bypass via interaction-triggered navigation
GHSA-vr5g-mmx7-h897 OpenClaw: scope misconfiguration enables unauthorized node pairing
GHSA-67mf-f936-ppxf openclaw: SSRF bypass in QQ Bot media fetch paths
GHSA-3fv3-6p2v-gxwj openclaw: WS sessions persist after gateway token rotation
GHSA-5h3f-885m-v22w OpenClaw: cross-channel allowlist write bypass
GHSA-vc32-h5mq-453v OpenClaw: stale auth closure bypasses gateway access control
GHSA-68x5-xx89-w9mm OpenClaw: auth bypass enables persistent browser profile mutation
GHSA-cmfr-9m2r-xwhq OpenClaw: token rotation bypasses role approval
GHSA-whf9-3hcx-gq54 openclaw: local file exfiltration via trusted MEDIA refs
GHSA-qqq7-4hxc-x63c OpenClaw: eval approval bypass enables unintended code exec
GHSA-q2gc-xjqw-qp89 LangChain: f-string template injection exposes object internals
GHSA-926x-3r5x-gfhw Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial