AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
1,604
AI/ML CVEs Tracked
225
Critical
76
New This Week
16
In CISA KEV
Latest AI Security Threats
Showing 20 of 684 results — High severity Severity CVE ID Summary CVSS EPSS Package Date
HIGH GHSA-rh7v-6w34-w2rr Flowise: MIME bypass enables persistent Node.js web shell RCE 7.1 — flowise Apr 16 HIGH GHSA-cvrr-qhgw-2mm6 Flowise: unauthenticated RCE via FILE-STORAGE bypass 7.7 — flowise-components Apr 16 HIGH GHSA-4jpm-cgx2-8h37 Flowise: unauth API exposes plaintext API keys and tokens — — flowise Apr 16 HIGH GHSA-48m6-ch88-55mj Flowise: Mass Assignment allows cross-tenant org takeover 8.1 — flowise Apr 16 HIGH GHSA-f228-chmx-v6j6 Flowise: prompt injection RCE via AirtableAgent 8.3 — flowise-components Apr 16 HIGH CVE-2026-30617 LangChain-ChatChat: RCE via unauthenticated MCP interface 8.6 0.2% — Apr 15 HIGH GHSA-p4h8-56qp-hpgv mcp-ssh: argument injection enables LLM-driven local RCE — — — Apr 14 HIGH E CVE-2026-1462 Keras: safe_mode bypass allows RCE via model deserialization 8.8 0.1% keras Apr 13 HIGH GHSA-75hx-xj24-mqrw n8n-mcp: unauthenticated HTTP endpoints enable DoS + recon 8.2 — n8n-mcp Apr 10 HIGH GHSA-g985-wjh9-qxxc PraisonAI: untrusted tools.py import enables RCE 8.4 — PraisonAI Apr 10 HIGH E CVE-2026-40114 PraisonAI: unauthenticated SSRF via unvalidated webhook_url 7.2 0.0% PraisonAI Apr 10 HIGH E CVE-2026-40160 praisonaiagents: SSRF in web_crawl exposes cloud metadata — 0.0% praisonaiagents Apr 10 HIGH GHSA-x462-jjpc-q4q4 praisonaiagents: CORS bypass enables silent agent RCE 8.1 — praisonaiagents Apr 10 HIGH E CVE-2026-40156 PraisonAI: auto tools.py load enables local RCE 7.8 0.0% praisonai Apr 10 HIGH GHSA-qwgj-rrpj-75xm PraisonAI: hardcoded approval bypass enables RCE 8.8 — PraisonAI Apr 10 HIGH E CVE-2026-40158 PraisonAI: AST sandbox bypass enables host RCE 8.6 0.0% PraisonAI Apr 10 HIGH E CVE-2026-40153 praisonaiagents: env var expansion exposes production secrets 7.4 0.0% praisonaiagents Apr 10 HIGH E CVE-2026-40149 PraisonAI: auth bypass disables agent safety controls 7.9 0.0% PraisonAI Apr 10 HIGH E CVE-2026-40217 LiteLLM: RCE via bytecode rewriting in guardrails API 8.8 0.2% litellm Apr 10 HIGH E CVE-2026-40150 PraisonAIAgents: SSRF exposes cloud metadata via web_crawl 7.7 0.0% praisonaiagents Apr 9 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial