AI Threat Alert
AI Component
RAG
RAG (Retrieval-Augmented Generation) vulnerabilities target the vector database, embedding pipeline, or retrieval logic that grounds LLM responses in external knowledge.
71
Total CVEs
4
Pages
Page 1 of 4
Current
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| UNKNOWN | CVE-2026-2492 | TensorFlow: security flaw enables exploitation | - | |
| MEDIUM | CVE-2026-4538 | AI component: Input Validation flaw enables exploitation | 5.3 | |
| MEDIUM | CVE-2026-27795 | LangChain: SSRF allows internal network access | 4.1 | |
| CRITICAL | CVE-2026-27966 | langflow: Code Injection enables RCE | langflow | 9.8 |
| MEDIUM | CVE-2026-2589 | Greenshift: Info Disclosure leaks sensitive data | 5.3 | |
| UNKNOWN | CVE-2026-25083 | GROWI: Missing Auth allows unauthorized operations | - | |
| CRITICAL | CVE-2026-28500 | onnx: Integrity Verification bypass enables tampering | onnx | 9.1 |
| HIGH | CVE-2026-2033 | mlflow: Path Traversal enables file access | mlflow | 8.1 |
| CRITICAL | CVE-2026-2635 | mlflow: security flaw enables exploitation | mlflow | 9.8 |
| CRITICAL | CVE-2026-25960 | vllm: SSRF allows internal network access | vllm | 9.8 |
| MEDIUM | CVE-2026-28415 | gradio: Info Disclosure leaks sensitive data | gradio | 4.7 |
| CRITICAL | CVE-2026-30821 | flowise: Arbitrary File Upload enables RCE | flowise | 9.8 |
| CRITICAL | CVE-2026-27493 | n8n: Code Injection enables RCE | n8n | 9.0 |
| CRITICAL | CVE-2026-27494 | n8n: security flaw enables exploitation | n8n | 9.9 |
| CRITICAL | CVE-2026-27495 | n8n: Code Injection enables RCE | n8n | 9.9 |
| HIGH | CVE-2026-27497 | n8n: SQL Injection exposes database | n8n | 8.8 |
| HIGH | CVE-2026-27498 | n8n: Code Injection enables RCE | n8n | 8.8 |
| CRITICAL | CVE-2026-27577 | n8n: Code Injection enables RCE | n8n | 9.9 |
| MEDIUM | CVE-2026-27578 | n8n: XSS enables session hijacking | n8n | 5.4 |
| MEDIUM | CVE-2025-12343 | ffmpeg: security flaw enables exploitation | 5.5 |
Page 1 of 4