AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
1,604 AI/ML CVEs tracked | 225 Critical | 76 New this week | 16 In CISA KEV
Latest AI Security Threats
Showing 20 of 512 results

Severity | CVE ID | Summary | CVSS | EPSS | Package | Date
Medium | CVE-2026-6598 | Langflow: cleartext auth storage exposes API keys | 4.3 | 0.0% | langflow | Apr 20
High | CVE-2026-6596 | Langflow: unauthenticated file upload allows RCE | 7.3 | 0.1% | langflow-base | Apr 20
Critical | GHSA-v38x-c887-992f | Flowise: prompt injection bypasses Python sandbox RCE | — | — | flowise-components | Apr 18
Medium | GHSA-f934-5rqf-xx47 | OpenClaw: path traversal in memory_get reads arbitrary workspace files | — | — | openclaw | Apr 17
High | GHSA-mr34-9552-qr95 | openclaw: path traversal leaks files and NTLM credentials | — | — | openclaw | Apr 17
Critical | GHSA-xh72-v6v9-mwhc | OpenClaw: auth bypass enables unauthenticated command exec | — | — | openclaw | Apr 17
High | GHSA-2gvc-4f3c-2855 | OpenClaw: auth bypass lets DM senders run room commands | — | — | openclaw | Apr 17
High | GHSA-xmxx-7p24-h892 | OpenClaw: stale bearer token survives SecretRef rotation | — | — | openclaw | Apr 17
High | GHSA-rg3h-x3jw-7jm5 | PraisonAI: SQL injection across 9 DB backends | 8.1 | — | praisonaiagents | Apr 17
Critical | GHSA-9qhq-v63v-fv3j | PraisonAI: RCE via MCP command injection | 9.8 | — | praisonai | Apr 17
Medium | CVE-2026-35603 | Claude Code: config hijack via unprotected ProgramData dir | — | 0.0% | @anthropic-ai/claude-code | Apr 17
Medium | GHSA-f7fh-qg34-x2xh | openclaw: CDP SSRF enables internal host pivot | — | — | openclaw | Apr 17
Medium | GHSA-jhpv-5j76-m56h | OpenClaw: auth bypass leaks host files via media path | — | — | openclaw | Apr 17
High | GHSA-66r7-m7xm-v49h | openclaw: path traversal exposes host files via media tags | — | — | openclaw | Apr 17
High | GHSA-2cq5-mf3v-mx44 | openclaw: exec approval bypass via opaque multi-call binaries | — | — | openclaw | Apr 17
High | GHSA-7jp6-r74r-995q | openclaw: auth bypass lets write-scope callers mutate admin config | — | — | openclaw | Apr 17
High | GHSA-736r-jwj6-4w23 | openclaw: sandbox escape via host=node exec routing bypass | — | — | openclaw | Apr 17
Medium | GHSA-536q-mj95-h29h | openclaw: SSRF bypass via browser navigation guard gap | — | — | openclaw | Apr 17
Medium | GHSA-qmwg-qprg-3j38 | openclaw: CDP pivot bypasses file:// navigation guards | — | — | openclaw | Apr 17
High | GHSA-939r-rj45-g2rj | openclaw: untrusted plugin auto-enabled during onboarding | — | — | openclaw | Apr 17

Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.