AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
1,604 AI/ML CVEs tracked
225 Critical
79 New this week
16 In CISA KEV
Latest AI Security Threats
Showing 20 of 167 results — Critical severity, no patch

| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| CRIT | CVE-2026-44211 | cline: WebSocket auth bypass enables terminal RCE | 9.6 | — | — | May 8 |
| CRIT | CVE-2026-42208 | LiteLLM: SQL injection exposes LLM API credentials | 9.8 | 0.1% | litellm | May 8 |
| CRIT | CVE-2026-44484 | pytorch-lightning: supply chain, credential harvesting | — | — | pytorch-lightning | May 7 |
| CRIT | CVE-2026-7482 | Ollama: heap OOB read leaks API keys and chat data | 9.1 | 0.1% | ollama | May 4 |
| CRIT | GHSA-wpqr-6v78-jr5g | Gemini CLI: Remote Code Execution via workspace... | 10.0 | — | — | Apr 24 |
| CRIT E | CVE-2026-41276 | Flowise is a drag & drop user interface to build... | 9.8 | 0.2% | flowise | Apr 23 |
| CRIT E | CVE-2026-41268 | Flowise is a drag & drop user interface to build... | 9.8 | 0.7% | flowise | Apr 23 |
| CRIT E | CVE-2026-41267 | Flowise is a drag & drop user interface to build... | 9.8 | 0.3% | flowise | Apr 23 |
| CRIT E | CVE-2026-41265 | Flowise is a drag & drop user interface to build... | 9.8 | 0.2% | flowise | Apr 23 |
| CRIT E | CVE-2025-61260 | OpenAI Codex CLI: RCE via malicious MCP config files | 9.8 | 0.1% | @openai/codex | Apr 14 |
| CRIT E | CVE-2026-35022 | Claude Code: OS command injection, credential theft | 9.8 | 0.5% | — | Apr 6 |
| CRIT E | CVE-2026-35216 | Budibase: Unauthenticated RCE as root via webhook | 9.1 | 0.6% | — | Apr 4 |
| CRIT E | CVE-2026-0545 | MLflow: auth bypass in job API enables unauthenticated RCE | 9.1 | 5.5% | mlflow | Apr 3 |
| CRIT E | CVE-2026-0596 | MLflow: command injection via model_uri in mlserver mode | 9.6 | 0.2% | — | Mar 31 |
| CRIT | GHSA-955r-262c-33jc | telnyx: PyPI supply chain attack steals cloud creds | — | — | — | Mar 30 |
| CRIT | GHSA-5mg7-485q-xm76 | litellm: supply chain attack harvests AI API credentials | — | — | litellm | Mar 25 |
| CRIT | CVE-2025-33244 | NVIDIA: Deserialization enables RCE | 9.0 | 0.1% | — | Mar 24 |
| CRIT E | CVE-2026-33475 | langflow: security flaw enables exploitation | 9.1 | 0.1% | langflow | Mar 24 |
| CRIT | CVE-2026-33017 | langflow: Code Injection enables RCE | 9.8 | 41.2% | langflow | Mar 20 |
| CRIT E | CVE-2026-28500 | onnx: Integrity Verification bypass enables tampering | 9.1 | 0.0% | onnx | Mar 18 |

Need deeper analysis? Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.