AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked
Critical
New This Week
In CISA KEV
Latest AI Security Threats
Showing 20 of 220 results — Medium severity, has patchopenclaw: SSRF in marketplace plugin download
GHSA-vjx8-8p7h-82gr openclaw: media download bypass exhausts disk storage
GHSA-4g5x-2jfc-xm98 openclaw: operator scope bypass in phone arm/disarm cmds
GHSA-h2v7-xc88-xx8c MLflow: stored XSS via MLmodel YAML artifact upload
CVE-2026-33865 HuggingFace Transformers: RCE via malicious checkpoint load
CVE-2026-1839 OpenClaw: script preflight bypass enables unsafe exec
CVE-2026-34425 kedro-datasets: path traversal enables arbitrary file write
CVE-2026-35492 vLLM: OOM DoS via unbounded video frame decoding
CVE-2026-34755 vLLM: SSRF in batch API exposes cloud metadata endpoints
CVE-2026-34753 vLLM: DoS via unbounded n parameter causes OOM crash
CVE-2026-34756 OpenClaw: SSRF in marketplace fetch hits internal AI infra
GHSA-9q7v-8mr7-g23p ONNX: symlink traversal reads host files via model loading
CVE-2026-34447 ONNX: hardlink path traversal leaks sensitive files
CVE-2026-34446 Anthropic SDK: TOCTOU symlink escape in async memory tool
CVE-2026-34452 anthropic-ai/sdk: memory tool path traversal escape
CVE-2026-34451 anthropic-sdk: insecure file perms expose agent memory
CVE-2026-34450 OpenClaw: HTTP scope bypass enables model enumeration
GHSA-68f8-9mhj-h2mp openclaw: webhook rate-limit bypass enables token brute-force
CVE-2026-35646 openclaw: unauthenticated webhook parsing enables DoS
CVE-2026-35640 openclaw: auth bypass exposes agent session history via HTTP
CVE-2026-35657 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial