AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

AI/ML CVEs Tracked: 1,625
Critical: 230
New This Week: 87
In CISA KEV: 16

Latest AI Security Threats

Showing 20 of 569 results — Medium severity
| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| Medium | GHSA-5gjc-grvm-m88j | openclaw: auth bypass enables persistent memory config change | | | openclaw | Apr 17 |
| Medium | GHSA-g375-h3v6-4873 | openclaw: privilege retention via async exec completion miss | | | openclaw | Apr 17 |
| Medium | GHSA-g2hm-779g-vm32 | openclaw: auth bypass preserves owner-level agent execution | | | openclaw | Apr 17 |
| Medium | GHSA-c4qm-58hj-j6pj | openclaw: SSRF bypass exposes internal pages in browser tool | | | openclaw | Apr 17 |
| Medium | GHSA-jwrq-8g5x-5fhm | openclaw: auth context reuse enables privilege escalation | | | openclaw | Apr 17 |
| Medium | GHSA-92jp-89mq-4374 | openclaw: auth bypass exposes sandbox browser session | | | openclaw | Apr 17 |
| Medium | GHSA-fv5p-p927-qmxr | langchain-text-splitters: SSRF bypass exposes cloud metadata | 6.5 | | langchain-text-splitters | Apr 16 |
| Medium | GHSA-9hrv-gvrv-6gf2 | Flowise: SSRF bypass enables cloud metadata access | | | flowise-components | Apr 16 |
| Medium | GHSA-qqvm-66q4-vf5c | Flowise: SSRF bypass enables cloud credential theft | | | flowise-components | Apr 16 |
| Medium | GHSA-w6v6-49gh-mc9w | Flowise: path traversal allows arbitrary file write via vector store | | | flowise-components | Apr 16 |
| Medium | GHSA-m7mq-85xj-9x33 | Flowise: hardcoded default key enables JWT token forgery | 5.6 | | flowise | Apr 16 |
| Medium | GHSA-2qqc-p94c-hxwh | Flowise: hardcoded session secret enables auth bypass | 5.6 | | flowise | Apr 16 |
| Medium | GHSA-cc4f-hjpj-g9p8 | Flowise: hardcoded JWT defaults enable full auth bypass | 5.6 | | flowise | Apr 16 |
| Medium | GHSA-6pcv-j4jx-m4vx | Flowise: unauthenticated SSO config exposes OAuth secrets | 5.3 | | flowise | Apr 16 |
| Medium E | CVE-2026-40190 | langsmith: prototype pollution enables auth bypass, RCE | 5.6 | 0.1% | langsmith | Apr 10 |
| Medium E | CVE-2026-40086 | rembg: path traversal exposes arbitrary files via HTTP API | 5.3 | 0.1% | rembg | Apr 10 |
| Medium | GHSA-x783-xp3g-mqhp | PraisonAI: SQL injection via table_prefix exposes DB | | | PraisonAI | Apr 10 |
| Medium | GHSA-ffp3-3562-8cv3 | PraisonAI: tool approval bypass leaks env credentials | 5.5 | | praisonaiagents | Apr 10 |
| Medium E | CVE-2026-40159 | PraisonAI: MCP env inheritance exposes API keys | 5.5 | 0.0% | PraisonAI | Apr 10 |
| Medium E | CVE-2026-40148 | PraisonAI: decompression bomb causes disk exhaustion | 6.5 | 0.0% | PraisonAI | Apr 10 |
