AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

AI/ML CVEs Tracked: 1,140
Critical: 171
New This Week: 228
In CISA KEV: 2

Latest AI Security Threats

Showing 50 of 145 results — Critical severity, no patch
| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| CRIT | CVE-2025-33244 | NVIDIA APEX for Linux contains a vulnerability... | 9.0 | | | Mar 24 |
| CRIT | CVE-2026-33475 | Langflow is a tool for building and deploying... | 9.1 | | langflow | Mar 24 |
| CRIT | CVE-2026-33017 | Langflow is a tool for building and deploying... | 9.8 | 0.5% | langflow | Mar 20 |
| CRIT | CVE-2026-28500 | Open Neural Network Exchange (ONNX) is an open... | 9.1 | 0.0% | onnx | Mar 18 |
| CRIT | CVE-2026-25960 | vLLM is an inference and serving engine for large... | 9.8 | 0.0% | vllm | Mar 9 |
| CRIT | CVE-2026-30821 | Flowise is a drag & drop user interface to build... | 9.8 | | | Mar 7 |
| CRIT | CVE-2026-27966 | Langflow is a tool for building and deploying... | 9.8 | 0.2% | langflow | Feb 26 |
| CRIT | CVE-2026-27577 | n8n is an open source workflow automation... | 9.9 | | n8n | Feb 25 |
| CRIT | CVE-2026-27495 | n8n is an open source workflow automation... | 9.9 | | n8n | Feb 25 |
| CRIT | CVE-2026-27494 | n8n is an open source workflow automation... | 9.9 | | n8n | Feb 25 |
| CRIT | CVE-2026-27493 | n8n is an open source workflow automation... | 9.0 | | n8n | Feb 25 |
| CRIT | CVE-2026-2654 | A weakness has been identified in huggingface... | 9.8 | | smolagents | Feb 18 |
| CRIT | CVE-2026-25115 | n8n is an open source workflow automation... | 9.9 | | n8n | Feb 4 |
| CRIT | CVE-2026-25053 | n8n is an open source workflow automation... | 9.9 | | n8n | Feb 4 |
| CRIT | CVE-2026-25052 | n8n is an open source workflow automation... | 9.9 | | n8n | Feb 4 |
| CRIT | CVE-2026-25049 | n8n is an open source workflow automation... | 9.9 | | n8n | Feb 4 |
| CRIT | CVE-2026-22778 | vLLM is an inference and serving engine for large... | 9.8 | 0.1% | vllm | Feb 2 |
| CRIT | CVE-2026-25481 | Langroid has WAF Bypass Leading to RCE in... | | 0.0% | | Feb 2 |
| CRIT | CVE-2026-25130 | CAI find_file Agent Tool has Command Injection... | 9.7 | 0.0% | | Jan 30 |
| CRIT | CVE-2026-1470 | n8n contains a critical Remote Code Execution... | 9.9 | | n8n | Jan 27 |
| CRIT | CVE-2025-13374 | The Kalrav AI Agent plugin for WordPress is... | 9.8 | | | Jan 24 |
| CRIT | CVE-2026-22807 | vLLM is an inference and serving engine for large... | 9.8 | 0.0% | vllm | Jan 21 |
| CRIT | CVE-2026-0863 | Using string formatting and exception handling,... | 9.9 | | n8n | Jan 18 |
| CRIT | CVE-2026-21877 | n8n is an open source workflow automation... | 9.9 | | n8n | Jan 8 |
| CRIT | CVE-2026-21858 | n8n is an open source workflow automation... | 10.0 | | n8n | Jan 8 |
| CRIT | CVE-2026-21445 | Langflow is a tool for building and deploying... | 9.1 | 0.1% | langflow | Jan 2 |
| CRIT | CVE-2025-68668 | n8n is an open source workflow automation... | 9.9 | | n8n | Dec 26 |
| CRIT | CVE-2025-68665 | LangChain is a framework for building LLM-powered... | 9.1 | | langchain.js | Dec 23 |
| CRIT | CVE-2025-63389 | A critical authentication bypass vulnerability... | 9.8 | | ollama | Dec 18 |
| CRIT | CVE-2025-67511 | Cybersecurity AI (CAI) is an open-source... | 9.6 | 0.2% | | Dec 11 |
| CRIT | CVE-2025-34351 | Ray's New Token Authentication is Disabled By... | | 0.5% | ray | Nov 27 |
| CRIT | CVE-2025-62608 | MLX is an array framework for machine learning on... | 9.1 | 0.1% | mlx | Nov 21 |
| CRIT | CVE-2025-11201 | MLflow Tracking Server Model Creation Directory... | 9.8 | 9.1% | mlflow | Oct 29 |
| CRIT | CVE-2025-11200 | MLflow Weak Password Requirements Authentication... | 9.8 | 0.2% | mlflow | Oct 29 |
| CRIT | GHSA-m9mp-6x32-5rhg | scio is vulnerable to Remote Command Execution... | | | | Oct 9 |
| CRIT | CVE-2025-59434 | Flowise is a drag & drop user interface to build... | 9.6 | | | Sep 22 |
| CRIT | CVE-2025-9556 | Langchaingo supports the use of jinja2 syntax... | 9.8 | | | Sep 12 |
| CRIT | CVE-2025-55526 | n8n-workflows Main Commit ee25413 allows... | 9.1 | | fastapi | Aug 26 |
| CRIT | CVE-2025-53767 | Azure OpenAI Elevation of Privilege Vulnerability | 10.0 | | azure_openai | Aug 7 |
| CRIT | CVE-2025-45150 | Insecure permissions in LangChain-ChatGLM-Webui... | 9.8 | | langchain-chatglm-webui | Aug 1 |
| CRIT | CVE-2025-54381 | BentoML is a Python library for building online... | 9.9 | 0.5% | bentoml | Jul 29 |
| CRIT | CVE-2025-46059 | langchain-ai v0.3.51 was discovered to contain an... | 9.8 | | | Jul 29 |
| CRIT | CVE-2025-5120 | A sandbox escape vulnerability was identified in... | 10.0 | 0.3% | smolagents | Jul 27 |
| CRIT | CVE-2025-6853 | A vulnerability classified as critical has been... | 9.8 | 0.2% | langchain-chatchat | Jun 29 |
| CRIT | CVE-2025-53002 | LLaMA-Factory is a tuning library for large... | 9.8 | 1.6% | llamafactory | Jun 26 |
| CRIT | CVE-2025-2828 | A Server-Side Request Forgery (SSRF)... | 10.0 | 0.1% | langchain | Jun 23 |
| CRIT | CVE-2025-47277 | vLLM, an inference and serving engine for large... | 9.8 | 0.9% | vllm | May 20 |
| CRIT | CVE-2025-32444 | vLLM is a high-throughput and memory-efficient... | 9.8 | 2.5% | vllm | Apr 30 |
| CRIT | CVE-2025-32434 | PyTorch is a Python package that provides tensor... | 9.8 | 1.2% | pytorch | Apr 18 |
| CRIT | CVE-2025-32428 | TigerVNC accessible via the network and not just... | | 0.2% | | Apr 12 |
