AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604 AI/ML CVEs tracked
225 Critical
77 New this week
16 In CISA KEV

Latest AI Security Threats

Showing 20 of 570 results — Medium severity
MEDIUM: OpenClaw: Heartbeat owner downgrade missed local async exec completion events
  GHSA-g375-h3v6-4873 | Score: -- | openclaw Patch: 2026.4.10 | CWE-269 | 4

MEDIUM: OpenClaw: Heartbeat owner downgrade missed untrusted webhook wake events
  GHSA-g2hm-779g-vm32 | Score: -- | openclaw Patch: 2026.4.14 | CWE-863 | 4

MEDIUM: OpenClaw: Browser snapshot and screenshot routes could expose internal page content after navigation
  GHSA-c4qm-58hj-j6pj | Score: -- | openclaw Patch: 2026.4.14 | CWE-918 | 4

MEDIUM: OpenClaw: Collect-mode queue batches could reuse the last sender authorization context
  GHSA-jwrq-8g5x-5fhm | Score: -- | openclaw Patch: 2026.4.14 | CWE-863 | 4

MEDIUM: OpenClaw: Sandbox noVNC helper route exposed interactive browser session credentials
  GHSA-92jp-89mq-4374 | Score: -- | openclaw Patch: 2026.4.10 | CWE-306 | 4

MEDIUM: langchain-text-splitters: SSRF bypass exposes cloud metadata
  GHSA-fv5p-p927-qmxr | Score: 6.5 | Tags: Data Extraction, Auth Bypass, Framework, RAG
  langchain-text-splitters Patch: 1.1.2 | CWE-918 | 2.6K 3 | ATLAS

MEDIUM: Flowise: SSRF bypass enables cloud metadata access
  GHSA-9hrv-gvrv-6gf2 | Score: -- | Tags: Data Extraction, Auth Bypass, Privacy Violation, Agent, Framework
  flowise-components Patch: 3.1.0 | CWE-918 | 4 | ATLAS

MEDIUM: Flowise: SSRF bypass enables cloud credential theft
  GHSA-qqvm-66q4-vf5c | Score: -- | Tags: Data Extraction, Auth Bypass, Agent, Framework, Plugin
  flowise-components Patch: 3.1.0 | CWE-918 | 5 | ATLAS

MEDIUM: Flowise: path traversal allows arbitrary file write via vector store
  GHSA-w6v6-49gh-mc9w | Score: -- | Tags: Code Execution, Auth Bypass, Framework, Agent, RAG
  flowise-components Patch: 3.1.0 | CWE-22 | 4 | ATLAS

MEDIUM: Flowise: hardcoded default key enables JWT token forgery
  GHSA-m7mq-85xj-9x33 | Score: 5.6 | Tags: Auth Bypass, Data Extraction, Agent, API
  flowise Patch: 3.1.0 | CWE-798 | 4 | ATLAS

MEDIUM: Flowise: hardcoded session secret enables auth bypass
  GHSA-2qqc-p94c-hxwh | Score: 5.6 | Tags: Auth Bypass, Data Extraction, Agent, Framework
  flowise Patch: 3.1.0 | CWE-798 | 5 | ATLAS

MEDIUM: Flowise: hardcoded JWT defaults enable full auth bypass
  GHSA-cc4f-hjpj-g9p8 | Score: 5.6 | Tags: Auth Bypass, Data Extraction, Agent, Framework
  flowise Patch: 3.1.0 | CWE-327 | 5 | ATLAS

MEDIUM: Flowise: unauthenticated SSO config exposes OAuth secrets
  GHSA-6pcv-j4jx-m4vx | Score: 5.3 | Tags: Auth Bypass, Data Extraction, Agent, API
  flowise Patch: 3.1.0 | CWE-306 | 5 | ATLAS

MEDIUM (exploit available): langsmith: prototype pollution enables auth bypass, RCE
  CVE-2026-40190 | Score: 5.6 | EPSS 0.1% | Tags: Supply Chain, Auth Bypass, Code Execution, Framework, Agent, Plugin
  langsmith Patch: 0.5.18 | CWE-1321 | 2.6K 4 | ATLAS

MEDIUM (exploit available): rembg: path traversal exposes arbitrary files via HTTP API
  CVE-2026-40086 | Score: 5.3 | EPSS 0.1% | Tags: Data Extraction, Privacy Violation, Inference, API
  rembg Patch: 2.0.75 | CWE-22 | 1.2K 4 | ATLAS

MEDIUM: PraisonAI: SQL injection via table_prefix exposes DB
  GHSA-x783-xp3g-mqhp | Score: -- | Tags: Data Extraction, Auth Bypass, Agent, Framework
  PraisonAI Patch: 4.5.133 | CWE-89 | 1 4 | ATLAS

MEDIUM: PraisonAI: tool approval bypass leaks env credentials
  GHSA-ffp3-3562-8cv3 | Score: 5.5 | Tags: Auth Bypass, Data Extraction, Prompt Injection, Agent, Framework
  praisonaiagents Patch: 4.5.128 | CWE-863 | 11 5 | ATLAS

MEDIUM (exploit available): PraisonAI: MCP env inheritance exposes API keys
  CVE-2026-40159 | Score: 5.5 | EPSS 0.0% | Tags: Supply Chain, Data Leakage, Data Extraction, Agent, Framework, Plugin
  PraisonAI Patch: 4.5.128 | CWE-200 | 1 6 | ATLAS

MEDIUM (exploit available): PraisonAI: decompression bomb causes disk exhaustion
  CVE-2026-40148 | Score: 6.5 | EPSS 0.0% | Tags: DoS, Supply Chain, Agent, Framework
  PraisonAI Patch: 4.5.128 | CWE-409 | 1 4 | ATLAS

MEDIUM (exploit available): praisonaiagents: glob traversal leaks filesystem metadata
  CVE-2026-40152 | Score: 5.3 | EPSS 0.0% | Tags: Data Extraction, Privacy Violation, Agent, Plugin
  praisonaiagents Patch: 1.5.128 | CWE-22 | 11 5 | ATLAS