AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
1,604
AI/ML CVEs Tracked
225
Critical
78
New This Week
16
In CISA KEV
Latest AI Security Threats
Showing 20 of 1092 results — no patch Severity CVE ID Summary CVSS EPSS Package Date
MEDI E CVE-2026-4963 smolagents: code injection via incomplete sandbox fix 6.3 0.0% smolagents Mar 27 HIGH E CVE-2025-15381 MLflow: broken access control exposes experiment traces 8.1 0.0% mlflow Mar 27 CRIT GHSA-5mg7-485q-xm76 litellm: supply chain attack harvests AI API credentials — — litellm Mar 25 CRIT CVE-2025-33244 NVIDIA: Deserialization enables RCE 9.0 0.1% — Mar 24 UNKN E CVE-2026-33401 Wallos: SSRF allows internal network access — 0.0% — Mar 24 HIGH E CVE-2026-33484 langflow: Access Control bypass enables privilege escalation 7.5 0.0% langflow Mar 24 CRIT E CVE-2026-33475 langflow: security flaw enables exploitation 9.1 0.1% langflow Mar 24 MEDI E CVE-2026-30886 AI component: IDOR enables unauthorized data access 6.5 0.0% — Mar 23 MEDI E CVE-2026-4538 AI component: Input Validation flaw enables exploitation 5.3 0.0% — Mar 22 HIGH CVE-2026-33053 langflow: IDOR enables unauthorized data access 8.8 0.0% langflow Mar 20 CRIT CVE-2026-33017 langflow: Code Injection enables RCE 9.8 41.2% langflow Mar 20 HIGH E CVE-2026-33236 nltk: Path Traversal enables file access 8.1 0.0% — Mar 19 HIGH E CVE-2026-33155 deepdiff: DoS causes service disruption — 0.1% — Mar 18 CRIT E CVE-2026-28500 onnx: Integrity Verification bypass enables tampering 9.1 0.0% onnx Mar 18 UNKN CVE-2026-25083 GROWI: Missing Auth allows unauthorized operations — 0.0% — Mar 16 CRIT E CVE-2026-30741 OpenClaw: RCE via request-side prompt injection 9.8 0.4% openclaw Mar 11 CRIT E CVE-2026-25960 vllm: SSRF allows internal network access 9.8 0.0% vllm Mar 9 CRIT E CVE-2026-30824 Flowise: auth bypass exposes NVIDIA NIM container endpoints 9.8 9.4% flowise Mar 7 UNKN E CVE-2026-30823 Flowise: IDOR enables account takeover and SSO bypass — 0.0% flowise Mar 7 UNKN E CVE-2026-30822 Flowise: mass assignment allows unauthenticated DB injection — 0.3% flowise Mar 7 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial