AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
1,625 AI/ML CVEs tracked
230 Critical
87 New this week
16 In CISA KEV
Latest AI Security Threats
Showing 20 of 569 results (filtered to Medium severity)

| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| Medium | CVE-2026-34756 | vLLM: DoS via unbounded n parameter causes OOM crash | 6.5 | 0.0% | vllm | Apr 3 |
| Medium | GHSA-9q7v-8mr7-g23p | OpenClaw: SSRF in marketplace fetch hits internal AI infra | — | — | openclaw | Apr 2 |
| Medium | E CVE-2026-34447 | ONNX: symlink traversal reads host files via model loading | 5.5 | 0.0% | onnx | Apr 1 |
| Medium | CVE-2026-34446 | ONNX: hardlink path traversal leaks sensitive files | 4.7 | 0.0% | onnx | Apr 1 |
| Medium | CVE-2026-34452 | Anthropic SDK: TOCTOU symlink escape in async memory tool | — | 0.0% | anthropic | Mar 31 |
| Medium | CVE-2026-34451 | anthropic-ai/sdk: memory tool path traversal escape | — | 0.1% | @anthropic-ai/sdk | Mar 31 |
| Medium | CVE-2026-34450 | anthropic-sdk: insecure file perms expose agent memory | — | 0.0% | anthropic | Mar 31 |
| Medium | GHSA-68f8-9mhj-h2mp | OpenClaw: HTTP scope bypass enables model enumeration | — | — | openclaw | Mar 30 |
| Medium | CVE-2026-35646 | openclaw: webhook rate-limit bypass enables token brute-force | — | 0.1% | openclaw | Mar 29 |
| Medium | CVE-2026-35640 | openclaw: unauthenticated webhook parsing enables DoS | — | 0.1% | openclaw | Mar 29 |
| Medium | CVE-2026-35657 | openclaw: auth bypass exposes agent session history via HTTP | — | 0.0% | openclaw | Mar 29 |
| Medium | GHSA-h8r8-wccr-v5f2 | DOMPurify: mXSS bypass achieves XSS via parse-context switch | — | — | — | Mar 27 |
| Medium | GHSA-364x-8g5j-x2pr | n8n: stored XSS via malicious OAuth2 Authorization URL | 5.4 | — | n8n | Mar 27 |
| Medium | GHSA-3c7f-5hgj-h279 | n8n: stored XSS in Chat Trigger via CSS injection | 5.4 | — | n8n | Mar 27 |
| Medium | GHSA-w673-8fjw-457c | n8n: stored XSS enables phishing via Form Node | 4.1 | — | n8n | Mar 27 |
| Medium | GHSA-q4fm-pjq6-m63g | n8n: stored XSS in Form Trigger enables phishing | 5.4 | — | n8n | Mar 27 |
| Medium | E CVE-2026-4963 | smolagents: code injection via incomplete sandbox fix | 6.3 | 0.0% | smolagents | Mar 27 |
| Medium | E CVE-2026-29070 | open-webui: missing authz allows cross-KB file deletion | 5.4 | 0.0% | open-webui | Mar 27 |
| Medium | E CVE-2026-28786 | Open WebUI: path traversal leaks server filesystem path | 4.3 | 0.0% | open-webui | Mar 27 |
| Medium | CVE-2026-33682 | Streamlit: SSRF leaks NTLMv2 creds via UNC path | 4.7 | 0.0% | Streamlit | Mar 26 |

Need deeper analysis? Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
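Several rows in this feed are the same bug class: a tool or loader takes a caller-supplied path and lets it escape its directory through `..`, an absolute path, or a planted symlink, sometimes with a check-then-open race on top (the ONNX model-loading entries, the Anthropic SDK memory-tool entries, the Open WebUI path traversal). The block below is an added, generic illustration of how to confine such file access; it is not code from any project listed above and makes no claim about how any of those specific advisories arise. The function names (`resolve_in_root`, `read_memory_file`, `demo`) and the temporary directory layout it builds are assumptions made for the example.

```python
import os
import tempfile
from pathlib import Path


class MemoryPathError(ValueError):
    """Raised when a tool-supplied path would leave the memory root."""


def resolve_in_root(root: Path, user_path: str) -> Path:
    """Map a tool-supplied relative path to an absolute path under root.

    Rejects absolute paths and '..' components lexically, then resolves every
    symlink and checks that the real location is still inside root, so a
    planted link such as memory/escape.txt -> /etc/passwd is refused.
    """
    root = root.resolve(strict=True)
    rel = Path(user_path)
    if rel.is_absolute() or ".." in rel.parts:
        raise MemoryPathError(f"rejected path component in {user_path!r}")
    real = (root / rel).resolve(strict=False)
    try:
        real.relative_to(root)
    except ValueError:
        raise MemoryPathError(f"{user_path!r} resolves outside the memory root") from None
    return real


def read_memory_file(root: Path, user_path: str) -> bytes:
    """Read a file under root without following a symlink in the final component.

    The check in resolve_in_root can be raced (TOCTOU): anything able to write
    into the memory directory may swap the target for a symlink between the
    check and the open. O_NOFOLLOW makes the open itself fail (ELOOP) if the
    leaf is a symlink at open time. It does not cover symlinks in intermediate
    directories; on Linux 5.6+ openat2 with RESOLVE_BENEATH closes that as well.
    """
    target = resolve_in_root(root, user_path)
    flags = os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(target, flags)
    with os.fdopen(fd, "rb") as f:
        return f.read()


def demo() -> dict:
    """Exercise the checks against a constructed memory directory (example data).

    Returns a dict mapping each probe to the bytes read or the string 'rejected'.
    """
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        root = base / "memory"
        root.mkdir()
        (root / "notes.txt").write_bytes(b"agent notes")
        secret = base / "secret.txt"               # outside the root: must stay unreadable
        secret.write_bytes(b"host secret")
        os.symlink(secret, root / "escape.txt")    # symlink planted inside the root

        probes = {
            "normal": "notes.txt",
            "dotdot": "../secret.txt",
            "absolute": str(secret),
            "symlink": "escape.txt",
        }
        results = {}
        for name, user_path in probes.items():
            try:
                results[name] = read_memory_file(root, user_path)
            except MemoryPathError:
                results[name] = "rejected"

        # What the O_NOFOLLOW open alone does if the leaf had been swapped for a
        # symlink after the resolve check: the kernel refuses to follow it.
        try:
            fd = os.open(root / "escape.txt", os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0))
            os.close(fd)
            results["nofollow_open"] = "followed"
        except OSError:
            results["nofollow_open"] = "rejected"
        return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:14s} {outcome!r}")
```

The lexical check alone is not enough (it cannot see symlinks), and the resolve-then-compare check alone is not enough (it can be raced); the two together plus `O_NOFOLLOW` on the open cover the traversal, symlink-escape and leaf-swap cases this feed keeps reporting. Hardlinks are a separate problem: a hardlink inside the root is the file, so `resolve()` cannot detect it, and the usual mitigations are `fs.protected_hardlinks` on Linux and not letting untrusted writers into the directory.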