{"total":48,"offset":0,"limit":50,"records":[{"ave_id":"AVE-2026-00001","title":"Metamorphic payload via external config fetch","attack_class":"Supply Chain - Metamorphic Payload","severity":"HIGH","aivss_score":8.0,"component_type":"skill","status":"active","mutation_count":89,"published":"2026-04-01T09:00:00Z","owasp_mapping":["ASI01","ASI04"],"owasp_mcp":["MCP04","MCP06"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00001"},{"ave_id":"AVE-2026-00002","title":"MCP tool description behavioral injection","attack_class":"Prompt Injection - Tool Description","severity":"HIGH","aivss_score":7.3,"component_type":"mcp","status":"active","mutation_count":23,"published":"2026-04-01T09:00:00Z","owasp_mapping":["ASI01","ASI03"],"owasp_mcp":["MCP03","MCP10"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00002"},{"ave_id":"AVE-2026-00003","title":"Credential exfiltration via agent instruction","attack_class":"Data Exfiltration - Credential Theft","severity":"MEDIUM","aivss_score":6.8,"component_type":"skill","status":"active","mutation_count":12,"published":"2026-04-01T09:00:00Z","owasp_mapping":["ASI01","ASI06"],"owasp_mcp":["MCP01","MCP05"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00003"},{"ave_id":"AVE-2026-00004","title":"Arbitrary code execution via shell pipe injection in agentic component","attack_class":"Tool Abuse - Shell Pipe Injection","severity":"MEDIUM","aivss_score":5.9,"component_type":"skill","status":"active","mutation_count":34,"published":"2026-04-19T09:00:00Z","owasp_mapping":["ASI01","ASI07"],"owasp_mcp":["MCP05","MCP06"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00004"},{"ave_id":"AVE-2026-00005","title":"Recursive file system destruction via destructive command injection in agentic component","attack_class":"Tool Abuse - Destructive Command","severity":"MEDIUM","aivss_score":5.6,"component_type":"skill","status":"active","mutation_count":18,"published":"2026-04-19T09:00:00Z","owasp_mapping":["ASI07"],"owasp_mcp":["MCP05"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00005"},{"ave_id":"AVE-2026-00006","title":"Cryptocurrency wallet drain via malicious fund transfer instruction in agentic component","attack_class":"Tool Abuse - Cryptocurrency Drain","severity":"HIGH","aivss_score":7.5,"component_type":"skill","status":"active","mutation_count":27,"published":"2026-04-19T09:00:00Z","owasp_mapping":["ASI07"],"owasp_mcp":["MCP05","MCP02"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00006"},{"ave_id":"AVE-2026-00007","title":"Agent goal hijack via direct instruction override in agentic component","attack_class":"Prompt Injection - Goal Hijack","severity":"MEDIUM","aivss_score":6.1,"component_type":"skill","status":"active","mutation_count":412,"published":"2026-04-19T09:00:00Z","owasp_mapping":["ASI01","ASI08"],"owasp_mcp":["MCP06"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00007"},{"ave_id":"AVE-2026-00008","title":"Agent persistence via self-replication instruction in agentic component","attack_class":"Persistence - Self-Replication","severity":"MEDIUM","aivss_score":6.3,"component_type":"skill","status":"active","mutation_count":22,"published":"2026-04-19T09:00:00Z","owasp_mapping":["ASI07"],"owasp_mcp":["MCP05","MCP04"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00008"},{"ave_id":"AVE-2026-00009","title":"AI identity jailbreak via role-play or persona override in agentic component","attack_class":"Prompt Injection - Jailbreak","severity":"MEDIUM","aivss_score":5.5,"component_type":"skill","status":"active","mutation_count":287,"published":"2026-04-20T09:00:00Z","owasp_mapping":["ASI01","ASI08"],"owasp_mcp":["MCP06"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00009"},{"ave_id":"AVE-2026-00010","title":"Covert instruction concealment via secrecy directive in agentic component","attack_class":"Prompt Injection - Hidden Instruction","severity":"MEDIUM","aivss_score":5.6,"component_type":"skill","status":"active","mutation_count":134,"published":"2026-04-20T09:00:00Z","owasp_mapping":["ASI01","ASI09"],"owasp_mcp":["MCP06","MCP08"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00010"},{"ave_id":"AVE-2026-00011","title":"Arbitrary tool invocation via dynamic tool call injection in agentic component","attack_class":"Tool Abuse - Dynamic Tool Call","severity":"MEDIUM","aivss_score":5.7,"component_type":"skill","status":"active","mutation_count":78,"published":"2026-04-20T09:00:00Z","owasp_mapping":["ASI07"],"owasp_mcp":["MCP03","MCP05"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00011"},{"ave_id":"AVE-2026-00012","title":"Capability escalation via false permission grant in agentic component","attack_class":"Privilege Escalation - Permission Grant","severity":"MEDIUM","aivss_score":4.5,"component_type":"skill","status":"active","mutation_count":92,"published":"2026-04-20T09:00:00Z","owasp_mapping":["ASI01","ASI08"],"owasp_mcp":["MCP02","MCP07"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00012"},{"ave_id":"AVE-2026-00013","title":"Personal data exfiltration via PII collection and transmission in agentic component","attack_class":"Data Exfiltration - PII Theft","severity":"MEDIUM","aivss_score":6.5,"component_type":"skill","status":"active","mutation_count":103,"published":"2026-04-20T09:00:00Z","owasp_mapping":["ASI01","ASI06"],"owasp_mcp":["MCP01","MCP05"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00013"},{"ave_id":"AVE-2026-00014","title":"False authority claim via trust escalation impersonation in agentic component","attack_class":"Social Engineering - Trust Escalation","severity":"LOW","aivss_score":3.7,"component_type":"skill","status":"active","mutation_count":67,"published":"2026-04-20T09:00:00Z","owasp_mapping":["ASI01","ASI08"],"owasp_mcp":["MCP07","MCP09"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00014"},{"ave_id":"AVE-2026-00015","title":"System prompt extraction via direct interrogation instruction in agentic component","attack_class":"Information Disclosure - System Prompt Leak","severity":"MEDIUM","aivss_score":4.9,"component_type":"prompt","status":"active","mutation_count":198,"published":"2026-04-20T09:00:00Z","owasp_mapping":["ASI01","ASI09"],"owasp_mcp":["MCP10","MCP08"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00015"},{"ave_id":"AVE-2026-00016","title":"Indirect Prompt Injection via RAG Retrieval","attack_class":"Prompt Injection - RAG Retrieval","severity":"MEDIUM","aivss_score":6.4,"component_type":"rag","status":"active","mutation_count":8,"published":"2026-04-19T09:00:00Z","owasp_mapping":["ASI01","ASI10"],"owasp_mcp":["MCP10","MCP03"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00016"},{"ave_id":"AVE-2026-00017","title":"MCP Server Impersonation or Spoofing","attack_class":"Supply Chain - Server Impersonation","severity":"MEDIUM","aivss_score":5.7,"component_type":"mcp","status":"active","mutation_count":5,"published":"2026-04-19T09:00:00Z","owasp_mapping":["ASI01","ASI08"],"owasp_mcp":["MCP09","MCP07"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00017"},{"ave_id":"AVE-2026-00018","title":"Tool Result Manipulation or Output Poisoning","attack_class":"Tool Abuse - Result Manipulation","severity":"MEDIUM","aivss_score":4.4,"component_type":"mcp","status":"active","mutation_count":6,"published":"2026-04-19T09:00:00Z","owasp_mapping":["ASI01","ASI07"],"owasp_mcp":["MCP03","MCP08"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00018"},{"ave_id":"AVE-2026-00019","title":"Agent Memory Poisoning","attack_class":"Persistence - Memory Poisoning","severity":"MEDIUM","aivss_score":5.6,"component_type":"skill","status":"active","mutation_count":7,"published":"2026-04-19T09:00:00Z","owasp_mapping":["ASI01","ASI09"],"owasp_mcp":["MCP10","MCP06"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00019"},{"ave_id":"AVE-2026-00020","title":"Cross-Agent Prompt Injection (A2A)","attack_class":"Prompt Injection - Cross-Agent A2A","severity":"MEDIUM","aivss_score":5.9,"component_type":"skill","status":"active","mutation_count":4,"published":"2026-04-19T09:00:00Z","owasp_mapping":["ASI01","ASI08"],"owasp_mcp":["MCP10","MCP06"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00020"},{"ave_id":"AVE-2026-00021","title":"Autonomous Action Without User Confirmation","attack_class":"Prompt Injection - Human-in-Loop Bypass","severity":"MEDIUM","aivss_score":4.5,"component_type":"skill","status":"active","mutation_count":9,"published":"2026-04-19T09:00:00Z","owasp_mapping":["ASI01","ASI04"],"owasp_mcp":["MCP02","MCP08"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00021"},{"ave_id":"AVE-2026-00022","title":"Scope Creep - Accessing Undeclared Resources","attack_class":"Privilege Escalation - Scope Creep","severity":"MEDIUM","aivss_score":6.0,"component_type":"skill","status":"active","mutation_count":11,"published":"2026-04-19T09:00:00Z","owasp_mapping":["ASI01","ASI07"],"owasp_mcp":["MCP02"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00022"},{"ave_id":"AVE-2026-00023","title":"Model Context Window Manipulation","attack_class":"Prompt Injection - Context Window Manipulation","severity":"MEDIUM","aivss_score":5.8,"component_type":"mcp","status":"active","mutation_count":5,"published":"2026-04-19T09:00:00Z","owasp_mapping":["ASI01"],"owasp_mcp":["MCP10","MCP06"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00023"},{"ave_id":"AVE-2026-00024","title":"Supply Chain - Content Type Mismatch (Magika)","attack_class":"Supply Chain - Content Type Mismatch","severity":"MEDIUM","aivss_score":6.8,"component_type":"mcp","status":"active","mutation_count":3,"published":"2026-04-19T09:00:00Z","owasp_mapping":["ASI07"],"owasp_mcp":["MCP04"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00024"},{"ave_id":"AVE-2026-00025","title":"Conversation History Injection","attack_class":"Prompt Injection - Conversation History","severity":"MEDIUM","aivss_score":4.5,"component_type":"skill","status":"active","mutation_count":6,"published":"2026-04-19T09:00:00Z","owasp_mapping":["ASI01","ASI10"],"owasp_mcp":["MCP10","MCP06"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00025"},{"ave_id":"AVE-2026-00026","title":"Exfiltration via Tool Output Encoding","attack_class":"Data Exfiltration - Output Encoding","severity":"MEDIUM","aivss_score":6.8,"component_type":"mcp","status":"active","mutation_count":7,"published":"2026-04-19T09:00:00Z","owasp_mapping":["ASI01","ASI06"],"owasp_mcp":["MCP01","MCP08"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00026"},{"ave_id":"AVE-2026-00027","title":"Multi-Turn Attack - Instruction Persistence Across Conversations","attack_class":"Prompt Injection - Multi-Turn Persistence","severity":"MEDIUM","aivss_score":5.6,"component_type":"skill","status":"active","mutation_count":8,"published":"2026-04-19T09:00:00Z","owasp_mapping":["ASI01","ASI09"],"owasp_mcp":["MCP06","MCP10"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00027"},{"ave_id":"AVE-2026-00028","title":"Prompt Injection via File or Document Content","attack_class":"Prompt Injection - File Content","severity":"MEDIUM","aivss_score":5.9,"component_type":"skill","status":"active","mutation_count":9,"published":"2026-04-19T09:00:00Z","owasp_mapping":["ASI01","ASI06"],"owasp_mcp":["MCP10","MCP03"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00028"},{"ave_id":"AVE-2026-00029","title":"Homoglyph or Unicode Obfuscation Attack","attack_class":"Obfuscation - Unicode Homoglyph","severity":"MEDIUM","aivss_score":4.8,"component_type":"skill","status":"active","mutation_count":15,"published":"2026-04-19T09:00:00Z","owasp_mapping":["ASI01","ASI03"],"owasp_mcp":["MCP03","MCP04"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00029"},{"ave_id":"AVE-2026-00030","title":"Privilege Escalation via False Role Claim","attack_class":"Privilege Escalation - False Role Claim","severity":"MEDIUM","aivss_score":4.3,"component_type":"skill","status":"active","mutation_count":7,"published":"2026-04-19T09:00:00Z","owasp_mapping":["ASI01","ASI08"],"owasp_mcp":["MCP07","MCP02"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00030"},{"ave_id":"AVE-2026-00031","title":"Training Data or Feedback Loop Poisoning","attack_class":"Persistence - Feedback Loop Poisoning","severity":"MEDIUM","aivss_score":5.4,"component_type":"skill","status":"active","mutation_count":4,"published":"2026-04-19T09:00:00Z","owasp_mapping":["ASI01","ASI09"],"owasp_mcp":["MCP06","MCP04"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00031"},{"ave_id":"AVE-2026-00032","title":"Network Reconnaissance Instruction","attack_class":"Reconnaissance - Internal Network Scanning","severity":"MEDIUM","aivss_score":4.0,"component_type":"skill","status":"active","mutation_count":5,"published":"2026-04-19T09:00:00Z","owasp_mapping":["ASI05","ASI06"],"owasp_mcp":["MCP05","MCP02"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00032"},{"ave_id":"AVE-2026-00033","title":"Unsafe Deserialization or Eval Instruction","attack_class":"Tool Abuse - Unsafe Deserialization","severity":"MEDIUM","aivss_score":4.2,"component_type":"skill","status":"active","mutation_count":6,"published":"2026-04-19T09:00:00Z","owasp_mapping":["ASI01","ASI07"],"owasp_mcp":["MCP05","MCP04"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00033"},{"ave_id":"AVE-2026-00034","title":"Supply Chain - Dynamic Third-Party Skill Import","attack_class":"Supply Chain - Dynamic Skill Import","severity":"MEDIUM","aivss_score":6.6,"component_type":"skill","status":"active","mutation_count":5,"published":"2026-04-19T09:00:00Z","owasp_mapping":["ASI01","ASI07"],"owasp_mcp":["MCP04","MCP03"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00034"},{"ave_id":"AVE-2026-00035","title":"Environment or Sensor Data Manipulation","attack_class":"Manipulation - Sensor Data Poisoning","severity":"MEDIUM","aivss_score":4.2,"component_type":"skill","status":"active","mutation_count":4,"published":"2026-04-19T09:00:00Z","owasp_mapping":["ASI01","ASI07"],"owasp_mcp":["MCP03","MCP08"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00035"},{"ave_id":"AVE-2026-00036","title":"Lateral Movement - Pivot to Other Systems","attack_class":"Lateral Movement - Agent Pivot","severity":"MEDIUM","aivss_score":5.9,"component_type":"skill","status":"active","mutation_count":6,"published":"2026-04-19T09:00:00Z","owasp_mapping":["ASI01","ASI05"],"owasp_mcp":["MCP05","MCP02"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00036"},{"ave_id":"AVE-2026-00037","title":"Prompt Injection via Image or Vision Input","attack_class":"Prompt Injection - Multimodal Vision","severity":"MEDIUM","aivss_score":5.1,"component_type":"skill","status":"active","mutation_count":7,"published":"2026-04-19T09:00:00Z","owasp_mapping":["ASI01","ASI10"],"owasp_mcp":["MCP10","MCP03"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00037"},{"ave_id":"AVE-2026-00038","title":"Excessive Agency - Unbounded Tool Use or Sub-Agent Spawning","attack_class":"Tool Abuse - Unbounded Tool Use","severity":"MEDIUM","aivss_score":5.9,"component_type":"skill","status":"active","mutation_count":8,"published":"2026-04-19T09:00:00Z","owasp_mapping":["ASI01","ASI07"],"owasp_mcp":["MCP02","MCP08"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00038"},{"ave_id":"AVE-2026-00039","title":"Covert Channel - Steganographic Data Exfiltration","attack_class":"Data Exfiltration - Covert Channel","severity":"MEDIUM","aivss_score":4.9,"component_type":"skill","status":"active","mutation_count":6,"published":"2026-04-19T09:00:00Z","owasp_mapping":["ASI01","ASI06"],"owasp_mcp":["MCP01","MCP08"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00039"},{"ave_id":"AVE-2026-00040","title":"Insecure Output - Unescaped Injection into Downstream System","attack_class":"Tool Abuse - Insecure Output Handling","severity":"MEDIUM","aivss_score":5.4,"component_type":"mcp","status":"active","mutation_count":12,"published":"2026-04-19T09:00:00Z","owasp_mapping":["ASI01","ASI07"],"owasp_mcp":["MCP05","MCP10"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00040"},{"ave_id":"AVE-2026-00041","title":"Prompt injection via MCP server-card tool descriptions before agent makes first call","attack_class":"Prompt Injection - MCP Server-Card Injection","severity":"HIGH","aivss_score":8.2,"component_type":"mcp-server-card","status":"active","mutation_count":34,"published":"2026-05-01T00:00:00Z","owasp_mapping":["ASI01","ASI03","ASI08"],"owasp_mcp":["MCP03","MCP09"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00041"},{"ave_id":"AVE-2026-00042","title":"Payload injection into agent-generated orchestration code via poisoned tool results in REPL/Code Mode","attack_class":"Prompt Injection - REPL Code Mode Payload Injection","severity":"MEDIUM","aivss_score":4.7,"component_type":"skill","status":"active","mutation_count":28,"published":"2026-05-01T00:00:00Z","owasp_mapping":["ASI04","ASI01","ASI10"],"owasp_mcp":["MCP05","MCP10"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00042"},{"ave_id":"AVE-2026-00043","title":"Prompt injection via rich UI payload (canvas, artifact, form) rendered by MCP App","attack_class":"Prompt Injection - MCP App UI Payload Injection","severity":"MEDIUM","aivss_score":4.7,"component_type":"mcp-server-card","status":"active","mutation_count":22,"published":"2026-05-01T00:00:00Z","owasp_mapping":["ASI01","ASI09"],"owasp_mcp":["MCP10","MCP03"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00043"},{"ave_id":"AVE-2026-00044","title":"Prompt injection via poisoned async task result injected into future agent context","attack_class":"Prompt Injection - Async Task Result Poisoning","severity":"MEDIUM","aivss_score":6.1,"component_type":"skill","status":"active","mutation_count":19,"published":"2026-05-01T00:00:00Z","owasp_mapping":["ASI01","ASI07","ASI08"],"owasp_mcp":["MCP10","MCP06"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00044"},{"ave_id":"AVE-2026-00045","title":"Privilege escalation via cross-app-access - pivot from low-trust to high-trust MCP server using shared agent session","attack_class":"Privilege Escalation - Cross-App-Access Escalation","severity":"MEDIUM","aivss_score":6.4,"component_type":"skill","status":"active","mutation_count":26,"published":"2026-05-01T00:00:00Z","owasp_mapping":["ASI05","ASI08","ASI10"],"owasp_mcp":["MCP02","MCP09"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00045"},{"ave_id":"AVE-2026-00046","title":"MCP tool hook hijacking - redirect tool execution to attacker-controlled callback","attack_class":"Execution Hijack - Tool Hook Interception","severity":"CRITICAL","aivss_score":9.1,"component_type":"skill","status":"active","mutation_count":18,"published":"2026-05-16T00:00:00Z","owasp_mapping":["ASI04","ASI09"],"owasp_mcp":["MCP03","MCP06"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00046"},{"ave_id":"AVE-2026-00047","title":"Hardcoded credentials in agent component - API keys and secrets exposed in skill files","attack_class":"Sensitive Data Exposure - Hardcoded Credentials","severity":"HIGH","aivss_score":7.8,"component_type":"skill","status":"active","mutation_count":31,"published":"2026-05-16T00:00:00Z","owasp_mapping":["ASI02","ASI06"],"owasp_mcp":["MCP09","MCP02"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00047"},{"ave_id":"AVE-2026-00048","title":"Unsafe agent delegation chain - sub-agent spawned with inherited permissions and no trust boundary","attack_class":"Privilege Escalation - Unsafe Agent Delegation","severity":"HIGH","aivss_score":8.2,"component_type":"skill","status":"active","mutation_count":22,"published":"2026-05-16T00:00:00Z","owasp_mapping":["ASI04","ASI09"],"owasp_mcp":["MCP03","MCP06"],"piranha_url":"https://api.piranha.bawbel.io/records/AVE-2026-00048"}]}