AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

AI/ML CVEs Tracked: 1,604

Critical: 225

New This Week: 76

In CISA KEV: 16

Latest AI Security Threats

Showing 20 of 512 results — has patch
| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| MEDI | GHSA-g2hm-779g-vm32 | OpenClaw: Heartbeat owner downgrade missed... | | | openclaw | Apr 17 |
| MEDI | GHSA-c4qm-58hj-j6pj | OpenClaw: Browser snapshot and screenshot routes... | | | openclaw | Apr 17 |
| HIGH | GHSA-8372-7vhw-cm6q | OpenClaw: config.get redaction bypass through... | | | openclaw | Apr 17 |
| MEDI | GHSA-jwrq-8g5x-5fhm | OpenClaw: Collect-mode queue batches could reuse... | | | openclaw | Apr 17 |
| HIGH | GHSA-5fw2-mwhh-9947 | Flowise: Unauthenticated TTS endpoint accepts... | | | flowise | Apr 17 |
| HIGH | GHSA-w47f-j8rh-wx87 | Flowise: Public chatflow endpoints return... | | | flowise | Apr 17 |
| HIGH | GHSA-3prp-9gf7-4rxx | Flowise: Mass Assignment in DocumentStore Create... | | | flowise | Apr 17 |
| MEDI | GHSA-92jp-89mq-4374 | OpenClaw: Sandbox noVNC helper route exposed... | | | openclaw | Apr 17 |
| LOW | GHSA-r7w7-9xr2-qq2r | langchain-openai: SSRF DNS rebinding, blind network probe | 3.1 | | langchain-openai | Apr 16 |
| MEDI | GHSA-fv5p-p927-qmxr | langchain-text-splitters: SSRF bypass exposes cloud metadata | 6.5 | | langchain-text-splitters | Apr 16 |
| HIGH | GHSA-w8hx-hqjv-vjcq | Paperclip: RCE via workspace runtime command injection | 7.3 | | @paperclipai/server | Apr 16 |
| HIGH | GHSA-f6hc-c5jr-878p | Flowise: auth bypass enables account takeover via null token | | | flowise | Apr 16 |
| HIGH | GHSA-28g4-38q8-3cwc | Flowise: Cypher injection allows full Neo4j DB wipe | | | flowise-components | Apr 16 |
| HIGH | GHSA-x5w6-38gp-mrqh | Flowise: HTTP reset link exposes tokens to MITM takeover | | | flowise | Apr 16 |
| HIGH | GHSA-6f7g-v4pp-r667 | Flowise: OAuth token theft via unauthenticated endpoint | | | flowise | Apr 16 |
| HIGH | GHSA-6r77-hqx7-7vw8 | FlowiseAI: SSRF via prompt injection in API Chain | 7.1 | | flowise-components | Apr 16 |
| HIGH | GHSA-2x8m-83vc-6wv4 | Flowise: SSRF bypass exposes internal services | 7.1 | | flowise-components | Apr 16 |
| HIGH | GHSA-xhmj-rg95-44hv | Flowise: SSRF bypass exposes cloud IAM credentials | 7.1 | | flowise-components | Apr 16 |
| HIGH | GHSA-rh7v-6w34-w2rr | Flowise: MIME bypass enables persistent Node.js web shell RCE | 7.1 | | flowise | Apr 16 |
| HIGH | GHSA-cvrr-qhgw-2mm6 | Flowise: unauthenticated RCE via FILE-STORAGE bypass | 7.7 | | flowise-components | Apr 16 |
