AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked
Critical
New This Week
In CISA KEV
Latest AI Security Threats
Showing 20 of 684 results — High severityMLflow: broken access control exposes experiment traces
CVE-2025-15381 Open WebUI: BOLA enables RAG poisoning via file overwrite
CVE-2026-28788 BentoML: command injection in bentofile.yaml containerize
CVE-2026-33744 vLLM: trust_remote_code bypass enables RCE
CVE-2026-27893 n8n: SSH MitM enables malicious workflow injection
CVE-2026-33724 n8n: SQLi in Data Table node, full DB compromise
CVE-2026-33713 n8n: Prototype pollution enables RCE via workflow nodes
CVE-2026-33696 n8n: LDAP email match enables permanent account takeover
CVE-2026-33665 langflow: Path Traversal enables file access
CVE-2026-33497 langflow: Access Control bypass enables privilege escalation
CVE-2026-33484 langflow: IDOR enables unauthorized data access
CVE-2026-33053 nltk: Path Traversal enables file access
CVE-2026-33236 deepdiff: DoS causes service disruption
CVE-2026-33155 mlflow: Code Injection enables RCE
CVE-2025-14287 Flowise: SSRF via HTTP Node exposes internal network
CVE-2026-31829 mcp-atlassian: SSRF allows internal network access
CVE-2026-27826 Flowise: header spoof auth bypass exposes admin API & creds
CVE-2026-30820 sagemaker: Allowlist Bypass evades input filtering
GHSA-5r2p-pjr8-7fh7 xgrammar: security flaw enables exploitation
CVE-2026-25048 langsmith: security flaw enables exploitation
CVE-2026-25750 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial