AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

AI/ML CVEs Tracked: 1,604

Critical: 225

New This Week: 76

In CISA KEV: 16

Latest AI Security Threats

Showing 20 of 220 results — Medium severity, has patch

MEDIUM

n8n: stored XSS via malicious OAuth2 Authorization URL

GHSA-364x-8g5j-x2pr
5.4
Code Execution Data Extraction Social Engineering Agent Framework Plugin
n8n Patch: 2.8.0 CWE-79 16 7 ATLAS
MEDIUM

n8n: Stored XSS in Chat Trigger via CSS injection

GHSA-3c7f-5hgj-h279
5.4
Code Execution Data Extraction Agent Framework
n8n Patch: 1.123.27 CWE-79 16 6 ATLAS
MEDIUM

n8n: stored XSS enables phishing via Form Node

GHSA-w673-8fjw-457c
4.1
Social Engineering Data Extraction Agent Framework
n8n Patch: 2.12.0 CWE-79 16 4 ATLAS
MEDIUM

n8n: Stored XSS in Form Trigger enables phishing

GHSA-q4fm-pjq6-m63g
5.4
Social Engineering Data Extraction Agent Framework
n8n Patch: 2.11.2 CWE-79 16 4 ATLAS
MEDIUM EXPLOIT AVAIL

open-webui: missing authz allows cross-KB file deletion

CVE-2026-29070
5.4
EPSS 0.0%
Auth Bypass DoS RAG Framework
open-webui Patch: 0.8.6 CWE-862 4 ATLAS
MEDIUM EXPLOIT AVAIL

Open WebUI: path traversal leaks server filesystem path

CVE-2026-28786
4.3
EPSS 0.0%
Data Extraction Data Leakage Framework API
open-webui Patch: 0.8.6 CWE-22 4 ATLAS
MEDIUM

Streamlit: SSRF leaks NTLMv2 creds via UNC path

CVE-2026-33682
4.7
EPSS 0.0%
Data Leakage Auth Bypass Framework
Streamlit Patch: 1.54.0 CWE-918 2.8K 4 ATLAS
MEDIUM

n8n: LDAP injection enables auth bypass in workflows

CVE-2026-33751
4.8
EPSS 0.0%
Auth Bypass Data Extraction Agent Framework
n8n Patch: 1.123.27 CWE-90 16 3 ATLAS
MEDIUM

n8n: secrets vault bypass exposes credentials to low-priv users

CVE-2026-33722
5.3
EPSS 0.0%
Auth Bypass Data Extraction Data Leakage Agent Framework API
n8n Patch: 1.123.23 CWE-863 16 5 ATLAS
MEDIUM

n8n: OAuth state forgery hijacks user credentials

CVE-2026-33720
4.2
EPSS 0.0%
Auth Bypass Social Engineering Data Extraction Agent Framework API
n8n Patch: 2.8.0 CWE-863 16 6 ATLAS
MEDIUM

n8n: uninitialized buffer leaks secrets via Task Runner

CVE-2026-27496
6.5
EPSS 0.0%
Data Leakage Data Extraction Agent Framework
n8n Patch: 1.123.22 CWE-908 16 4 ATLAS
MEDIUM

fickling: Allowlist Bypass evades input filtering

GHSA-5cxw-w2xg-2m8h
--
Supply Chain Data Extraction Code Execution Framework Model Training Data
fickling Patch: 0.1.10 CWE-184 57 5 ATLAS
MEDIUM

fickling: Allowlist Bypass evades input filtering

GHSA-r48f-3986-4f9c
--
Data Extraction Code Execution Auth Bypass Framework
fickling Patch: 0.1.10 CWE-184 57 5 ATLAS
MEDIUM

langgraph: Deserialization enables RCE

CVE-2026-28277
6.8
EPSS 0.3%
Code Execution Data Leakage Supply Chain Framework Agent
langgraph Patch: 1.0.10 CWE-502 3.1K 5 ATLAS
MEDIUM

langgraph-checkpoint: Deserialization enables RCE

CVE-2026-27794
6.6
EPSS 0.4%
Code Execution Supply Chain Framework Agent
langgraph-checkpoint Patch: 4.0.0 CWE-502 3.1K 4 ATLAS
MEDIUM

fickling: Allowlist Bypass evades input filtering

GHSA-mhc9-48gj-9gp3
--
Supply Chain Code Execution Framework Model
fickling Patch: 0.1.8 CWE-184 57 7 ATLAS
MEDIUM EXPLOIT AVAIL

ray: Missing Auth allows unauthenticated access

CVE-2026-27482
5.9
EPSS 0.1%
Auth Bypass DoS Framework Inference
ray Patch: 2.54.0 CWE-306 847 4 ATLAS
MEDIUM

pydantic-ai: Path Traversal enables file access

CVE-2026-25640
5.4
EPSS 0.0%
Code Execution Data Extraction Framework Agent
pydantic-ai-slim Patch: 1.51.0 CWE-22 416 5 ATLAS
MEDIUM

sagemaker: security flaw enables exploitation

CVE-2026-1778
5.9
EPSS 0.0%
Supply Chain Code Execution Inference Framework
sagemaker Patch: 3.1.1 CWE-295 51 5 ATLAS
MEDIUM

picklescan: Deserialization enables RCE

GHSA-m7j5-r2p5-c39r
--
Supply Chain DoS Code Execution Framework Model Training Data
picklescan Patch: 1.0.1 CWE-502 3 4 ATLAS
