AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

76

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 684 results — High severity
Severity CVE ID Summary CVSS EPSS Package Date
HIGH E CVE-2025-15381 MLflow: broken access control exposes experiment traces 8.1 0.0% mlflow Mar 27 HIGH E CVE-2026-28788 Open WebUI: BOLA enables RAG poisoning via file overwrite 7.1 0.0% open-webui Mar 27 HIGH E CVE-2026-33744 BentoML: command injection in bentofile.yaml containerize 7.8 0.0% bentoml Mar 27 HIGH CVE-2026-27893 vLLM: trust_remote_code bypass enables RCE 8.8 0.0% vllm Mar 27 HIGH CVE-2026-33724 n8n: SSH MitM enables malicious workflow injection 7.4 0.0% n8n Mar 25 HIGH CVE-2026-33713 n8n: SQLi in Data Table node, full DB compromise 8.8 0.0% n8n Mar 25 HIGH CVE-2026-33696 n8n: Prototype pollution enables RCE via workflow nodes 8.8 0.2% n8n Mar 25 HIGH CVE-2026-33665 n8n: LDAP email match enables permanent account takeover 8.2 0.0% n8n Mar 25 HIGH E CVE-2026-33497 langflow: Path Traversal enables file access 7.5 0.0% langflow Mar 24 HIGH E CVE-2026-33484 langflow: Access Control bypass enables privilege escalation 7.5 0.0% langflow Mar 24 HIGH CVE-2026-33053 langflow: IDOR enables unauthorized data access 8.8 0.0% langflow Mar 20 HIGH E CVE-2026-33236 nltk: Path Traversal enables file access 8.1 0.0% Mar 19 HIGH E CVE-2026-33155 deepdiff: DoS causes service disruption 0.1% Mar 18 HIGH E CVE-2025-14287 mlflow: Code Injection enables RCE 7.5 0.3% mlflow Mar 16 HIGH E CVE-2026-31829 Flowise: SSRF via HTTP Node exposes internal network 8.8 0.1% flowise-components Mar 10 HIGH E CVE-2026-27826 mcp-atlassian: SSRF allows internal network access 8.2 0.1% mcp-atlassian Mar 10 HIGH E CVE-2026-30820 Flowise: header spoof auth bypass exposes admin API & creds 8.8 0.1% flowise Mar 7 HIGH GHSA-5r2p-pjr8-7fh7 sagemaker: Allowlist Bypass evades input filtering sagemaker Mar 5 HIGH CVE-2026-25048 xgrammar: security flaw enables exploitation 0.1% xgrammar Mar 5 HIGH CVE-2026-25750 langsmith: security flaw enables exploitation 8.1 0.0% langsmith Mar 4

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial