AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

AI/ML CVEs Tracked: 1,604
Critical: 225
New This Week: 76
In CISA KEV: 16

Latest AI Security Threats

Showing 20 of 512 results — has patch
| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| MEDI | GHSA-527m-976r-jf79 | openclaw: SSRF bypass in existing browser session routes | | | openclaw | Apr 17 |
| MEDI | GHSA-rj2p-j66c-mgqh | openclaw: SSRF policy bypass in browser tab actions | | | openclaw | Apr 17 |
| MEDI | GHSA-f3h5-h452-vp3j | openclaw: insufficient authz allows agent config persistence | | | openclaw | Apr 17 |
| HIGH | GHSA-525j-hqq2-66r4 | openclaw: CDP relay exposes browser DevTools on 0.0.0.0 | | | openclaw | Apr 17 |
| HIGH | GHSA-82qx-6vj7-p8m2 | openclaw: trust bypass loads untrusted workspace plugins | | | openclaw | Apr 17 |
| MEDI | GHSA-jf25-7968-h2h5 | openclaw: path traversal bypasses workspace filesystem guard | | | openclaw | Apr 17 |
| MEDI | GHSA-53vx-pmqw-863c | openclaw: Browser SSRF exposes internal services by default | | | openclaw | Apr 17 |
| MEDI | GHSA-xq94-r468-qwgj | openclaw: DNS rebinding bypasses browser SSRF protection | | | openclaw | Apr 17 |
| MEDI | GHSA-2767-2q9v-9326 | openclaw: QQBot SSRF leaks internal service responses | | | openclaw | Apr 17 |
| MEDI | GHSA-7wv4-cc7p-jhxc | openclaw: .env injection hijacks agent runtime config | | | openclaw | Apr 17 |
| MEDI | GHSA-c9h3-5p7r-mrjh | openclaw: path traversal bypasses media sandbox | | | openclaw | Apr 17 |
| MEDI | GHSA-49cg-279w-m73x | openclaw: auth bypass via empty approver list | | | openclaw | Apr 17 |
| MEDI | GHSA-7g8c-cfr3-vqqr | openclaw: trust escalation via unsanitized agent hook events | | | openclaw | Apr 17 |
| HIGH | GHSA-vfp4-8x56-j7c5 | OpenClaw: Exec environment denylist missed... | | | openclaw | Apr 17 |
| MEDI | GHSA-j6c7-3h5x-99g9 | openclaw: OS command injection via shell env-argv bypass | | | openclaw | Apr 17 |
| MEDI | GHSA-5gjc-grvm-m88j | openclaw: auth bypass enables persistent memory config change | | | openclaw | Apr 17 |
| LOW | GHSA-gc9r-867r-j85f | openclaw: auth bypass in Teams SSO invoke handler | | | openclaw | Apr 17 |
| LOW | GHSA-r77c-2cmr-7p47 | openclaw: group policy bypass in delivery queue recovery | | | openclaw | Apr 17 |
| MEDI | GHSA-g375-h3v6-4873 | OpenClaw: Heartbeat owner downgrade missed local... | | | openclaw | Apr 17 |
| HIGH | GHSA-vw3h-q6xq-jjm5 | OpenClaw: Voice-call realtime WebSocket accepted... | | | openclaw | Apr 17 |
