AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems — LLM frameworks, ML libraries, AI agents, vector databases, and inference servers. Vulnerabilities are tracked from NVD, GitHub Advisory, CISA KEV, MITRE ATLAS, and enriched with CVSS, EPSS, exploitation confidence, AI-component classification, and compliance mappings to ISO 42001, EU AI Act, NIST AI RMF, and OWASP LLM Top 10. Updated continuously as new CVEs are published.
- CVSS severity
- EPSS exploit probability
- Exploitation confidence
- AI-component classification
- Compliance mappings
AI/ML CVEs Tracked
Critical
New This Week
In CISA KEV
Latest AI Security Threats
Showing 20 of 337 results — Critical severity CVE-2026-32922 OpenClaw before 2026.3.11 contains a privilege... 9.9 0.5% OpenClaw Mar 29 CRIT CVE-2026-33749 n8n: stored XSS enables credential theft via workflow 9.0 0.2% n8n Mar 25 CRIT CVE-2026-33663 n8n: member role steals plaintext HTTP credentials 10.0 0.4% n8n Mar 25 CRIT CVE-2026-33660 TensorFlow: type confusion NPD in tensor conversion 10.0 1.0% n8n Mar 25 CRIT GHSA-5mg7-485q-xm76 litellm: supply chain attack harvests AI API credentials — — litellm Mar 25 CRIT CVE-2025-33244 NVIDIA: Deserialization enables RCE 9.0 0.6% — Mar 24 CRIT E CVE-2026-33475 langflow: security flaw enables exploitation 9.1 3.0% langflow Mar 24 CRIT E CVE-2026-33309 langflow: Path Traversal enables file access 9.9 1.4% langflow Mar 24 CRIT CVE-2026-32913 OpenClaw before 2026.3.7 contains an improper... 9.3 0.3% OpenClaw Mar 23 CRIT CVE-2026-33017 langflow: Code Injection enables RCE 9.8 98.4% langflow Mar 20 CRIT CVE-2026-32038 OpenClaw before 2026.2.24 contains a sandbox... 9.8 0.3% OpenClaw Mar 19 CRIT E CVE-2025-15031 mlflow: Path Traversal enables file access 9.1 0.7% mlflow Mar 18 CRIT E CVE-2026-28500 onnx: Integrity Verification bypass enables tampering 9.1 0.3% onnx Mar 18 CRIT E CVE-2026-30741 OpenClaw: RCE via request-side prompt injection 9.8 0.8% openclaw Mar 11 CRIT E CVE-2026-27825 mcp-atlassian: Path Traversal enables file access 9.1 2.3% mcp-atlassian Mar 10 CRIT E CVE-2026-25960 vllm: SSRF allows internal network access 9.8 0.4% vllm Mar 9 CRIT E CVE-2026-30824 Flowise: auth bypass exposes NVIDIA NIM container endpoints 9.8 36.3% flowise Mar 7 CRIT E CVE-2026-30821 flowise: Arbitrary File Upload enables RCE 9.8 18.3% flowise Mar 7 CRIT CVE-2026-28451 OpenClaw: SSRF via Feishu extension exposes internal services 9.3 0.3% openclaw Mar 5 CRIT GHSA-g38g-8gr9-h9xp picklescan: Allowlist Bypass evades input filtering 9.8 — picklescan Mar 3 Frequently asked questions
What is an AI security threat feed?
An AI security threat feed is a continuously updated stream of vulnerabilities (CVEs) affecting AI and machine-learning systems — LLM frameworks, ML libraries, AI agents, vector databases, and inference servers — filtered out of the broader CVE firehose and enriched for relevance.
Which sources are the AI CVEs tracked from?
CVEs are tracked from NVD, GitHub Advisory, CISA KEV, and MITRE ATLAS, then enriched with CVSS, EPSS, exploitation confidence, AI-component classification, and compliance mappings.
What AI systems do these vulnerabilities affect?
Coverage spans LLM frameworks, ML libraries, AI agents, vector databases, and inference servers — the components most security teams now run in production.
How often is the AI threat feed updated?
The feed updates continuously as new CVEs are published and enriched, so the most recent AI/ML vulnerabilities appear at the top.
Is the AI security feed free?
Yes — the public feed is free to browse. A Pro subscription adds breaking alerts, MITRE ATLAS mappings, compliance reports (ISO 42001, EU AI Act), and full CISO analysis.
Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial