AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

- AI/ML CVEs Tracked: 1,604
- Critical: 225
- New This Week: 79
- In CISA KEV: 16

Latest AI Security Threats

Showing 20 of 225 results — Critical severity
| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| CRIT E | CVE-2026-21877 | n8n: Code Injection enables RCE | 9.9 | 14.1% | n8n | Jan 8 |
| CRIT | CVE-2026-21858 | n8n: Input Validation flaw enables exploitation | 10.0 | 6.6% | n8n | Jan 8 |
| CRIT E | CVE-2026-21445 | langflow: Missing Auth allows unauthenticated access | 9.1 | 11.0% | langflow | Jan 2 |
| CRIT E | CVE-2025-68668 | n8n: Protection Bypass circumvents security controls | 9.9 | 0.1% | n8n | Dec 26 |
| CRIT E | CVE-2025-68665 | langchain.js: Deserialization enables RCE | 9.1 | 0.1% | langchain.js | Dec 23 |
| CRIT | CVE-2025-14931 | Hugging Face smolagents: Unsafe deserialization... | 10.0 | 4.6% | smolagents | Dec 23 |
| CRIT | CVE-2025-63389 | ollama: Missing Auth allows unauthenticated access | 9.8 | 0.2% | ollama | Dec 18 |
| CRIT E | CVE-2025-67511 | cai-framework: Command Injection enables RCE | 9.6 | 0.1% | | Dec 11 |
| CRIT | CVE-2025-34351 | ray: security flaw enables exploitation | | 0.5% | ray | Nov 27 |
| CRIT | CVE-2025-62593 | ray: Code Injection enables RCE | | 0.0% | ray | Nov 26 |
| CRIT E | CVE-2025-62608 | mlx: security flaw enables exploitation | 9.1 | 0.1% | mlx | Nov 21 |
| CRIT E | CVE-2025-12060 | keras: Path Traversal enables file access | 9.8 | 0.1% | keras | Oct 30 |
| CRIT E | CVE-2025-11201 | mlflow: Path Traversal enables file access | 9.8 | 9.8% | mlflow | Oct 29 |
| CRIT | CVE-2025-11200 | mlflow: security flaw enables exploitation | 9.8 | 0.2% | mlflow | Oct 29 |
| CRIT E | CVE-2025-49655 | keras: Deserialization enables RCE | 9.8 | 0.1% | keras | Oct 17 |
| CRIT | GHSA-m9mp-6x32-5rhg | scio/PyTorch: torch.load weights_only bypass RCE | | | | Oct 9 |
| CRIT E | CVE-2025-61913 | Flowise: path traversal in file tools leads to RCE | 9.9 | 0.8% | flowise | Oct 8 |
| CRIT E | CVE-2025-59528 | Flowise: Unauthenticated RCE via MCP config injection | 10.0 | 83.9% | flowise | Sep 22 |
| CRIT E | CVE-2025-59434 | Flowise Cloud: cross-tenant env var exposure leaks API keys | 9.6 | 0.1% | | Sep 22 |
| CRIT E | CVE-2025-58434 | Flowise: auth bypass in reset flow allows full ATO | 9.8 | 21.0% | flowise | Sep 12 |
