AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

- AI/ML CVEs tracked: 1,604
- Critical: 225
- New this week: 76
- In CISA KEV: 16

Latest AI Security Threats

Showing 20 of 512 results — has patch
| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| HIGH | GHSA-4jpm-cgx2-8h37 | Flowise: unauth API exposes plaintext API keys and tokens | | | flowise | Apr 16 |
| HIGH | GHSA-48m6-ch88-55mj | Flowise: Mass Assignment allows cross-tenant org takeover | 8.1 | | flowise | Apr 16 |
| CRIT | GHSA-9wc7-mj3f-74xv | Flowise CSVAgent: RCE via Python code injection | | | flowise-components | Apr 16 |
| HIGH | GHSA-f228-chmx-v6j6 | Flowise: prompt injection RCE via AirtableAgent | 8.3 | | flowise-components | Apr 16 |
| MEDI | GHSA-9hrv-gvrv-6gf2 | Flowise: SSRF bypass enables cloud metadata access | | | flowise-components | Apr 16 |
| MEDI | GHSA-qqvm-66q4-vf5c | Flowise: SSRF bypass enables cloud credential theft | | | flowise-components | Apr 16 |
| MEDI | GHSA-w6v6-49gh-mc9w | Flowise: path traversal allows arbitrary file write via vector store | | | flowise-components | Apr 16 |
| MEDI | GHSA-m7mq-85xj-9x33 | Flowise: hardcoded default key enables JWT token forgery | 5.6 | | flowise | Apr 16 |
| MEDI | GHSA-2qqc-p94c-hxwh | Flowise: hardcoded session secret enables auth bypass | 5.6 | | flowise | Apr 16 |
| MEDI | GHSA-cc4f-hjpj-g9p8 | Flowise: hardcoded JWT defaults enable full auth bypass | 5.6 | | flowise | Apr 16 |
| MEDI | GHSA-6pcv-j4jx-m4vx | Flowise: unauthenticated SSO config exposes OAuth secrets | 5.3 | | flowise | Apr 16 |
| LOW | GHSA-gj9q-8w99-mp8j | openclaw: TOCTOU race bypasses exec script preflight | | | openclaw | Apr 16 |
| CRIT E | CVE-2026-40933 | Flowise: RCE via MCP stdio command injection | 9.9 | 0.0% | flowise-components | Apr 16 |
| HIGH E | CVE-2026-1462 | Keras: safe_mode bypass allows RCE via model deserialization | 8.8 | 0.1% | keras | Apr 13 |
| HIGH | GHSA-75hx-xj24-mqrw | n8n-mcp: unauthenticated HTTP endpoints enable DoS + recon | 8.2 | | n8n-mcp | Apr 10 |
| MEDI E | CVE-2026-40190 | langsmith: prototype pollution enables auth bypass, RCE | 5.6 | 0.1% | langsmith | Apr 10 |
| MEDI E | CVE-2026-40086 | rembg: path traversal exposes arbitrary files via HTTP API | 5.3 | 0.1% | rembg | Apr 10 |
| CRIT | GHSA-8x8f-54wf-vv92 | PraisonAI: auth bypass enables browser session hijack | 9.1 | | PraisonAI | Apr 10 |
| CRIT | GHSA-vc46-vw85-3wvm | PraisonAI: RCE via malicious workflow YAML execution | 9.8 | | PraisonAI | Apr 10 |
| HIGH | GHSA-g985-wjh9-qxxc | PraisonAI: untrusted tools.py import enables RCE | 8.4 | | PraisonAI | Apr 10 |

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.