AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,616

AI/ML CVEs Tracked

226

Critical

87

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 1092 results — no patch
Severity CVE ID Summary CVSS EPSS Package Date
CRIT E CVE-2026-30821 flowise: Arbitrary File Upload enables RCE 9.8 0.2% flowise Mar 7 HIGH E CVE-2026-30820 Flowise: header spoof auth bypass exposes admin API & creds 8.8 0.1% flowise Mar 7 MEDI CVE-2026-2589 Greenshift: Info Disclosure leaks sensitive data 5.3 0.0% Mar 6 CRIT CVE-2026-28451 OpenClaw: SSRF via Feishu extension exposes internal services 9.3 0.0% openclaw Mar 5 HIGH CVE-2026-25750 langsmith: security flaw enables exploitation 8.1 0.0% langsmith Mar 4 HIGH CVE-2026-0847 A vulnerability in NLTK versions up to and... 8.6 0.1% Mar 4 HIGH E CVE-2026-27905 bentoml: security flaw enables exploitation 7.8 0.0% bentoml Mar 3 HIGH E CVE-2026-28416 gradio: SSRF allows internal network access 8.6 0.0% gradio Feb 27 MEDI CVE-2026-28415 gradio: Info Disclosure leaks sensitive data 4.7 0.0% gradio Feb 27 HIGH E CVE-2026-28414 gradio: security flaw enables exploitation 7.5 3.2% gradio Feb 27 MEDI E CVE-2026-27167 gradio: Weak Credentials allow account compromise 5.9 0.0% gradio Feb 27 CRIT E CVE-2026-27966 langflow: Code Injection enables RCE 9.8 36.6% langflow Feb 26 MEDI CVE-2026-27578 n8n: XSS enables session hijacking 5.4 0.0% n8n Feb 25 CRIT CVE-2026-27577 n8n: Code Injection enables RCE 9.9 0.2% n8n Feb 25 HIGH CVE-2026-27498 n8n: Code Injection enables RCE 8.8 0.6% n8n Feb 25 HIGH CVE-2026-27497 n8n: SQL Injection exposes database 8.8 0.1% n8n Feb 25 CRIT CVE-2026-27495 n8n: Code Injection enables RCE 9.9 0.1% n8n Feb 25 CRIT CVE-2026-27494 n8n: security flaw enables exploitation 9.9 0.1% n8n Feb 25 CRIT CVE-2026-27493 n8n: Code Injection enables RCE 9.0 0.3% n8n Feb 25 MEDI CVE-2026-27795 LangChain: SSRF allows internal network access 4.1 0.0% Feb 25

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial