AI/ML Package Security Tracker
AI Threat Alert tracks known vulnerabilities across 125 AI/ML packages (LLM frameworks, ML libraries, vector databases, agent platforms, and inference servers) spanning the PyPI and npm ecosystems. Each package is ranked by its count of known CVEs (2,398 in total across the tracked packages), severity, and a composite risk score, so the highest-risk dependencies in your AI stack surface first.
- CVE count
- Severity breakdown
- Risk score
- Patch status
- Ecosystem
- 125 packages tracked
- 2,398 total CVEs
- 361 critical CVEs
- 11 categories
AI Agents (21)
- AutoGen (pip)
- Browser Use (pip)
- Cline (npm)
- Composio (pip)
- CrewAI (pip)
- Flowise (npm)
- Langroid (pip)
- Local Deep Research (pip)
- MCP Atlassian (pip)
- MCP Server K8s (npm)
- Mobile MCP (npm)
- OpenClaw (pip)
- PPTAgent (pip)
- Phidata (pip)
- PraisonAI (pip)
- PraisonAI Agents (pip)
- Pydantic AI (pip)
- TaskWeaver (pip)
- auth-fetch MCP (npm)
- n8n (npm)
- smolagents (pip)

AI Security (11)
- ART (pip)
- Boxlite (cargo)
- Boxlite (pip)
- Boxlite (npm)
- Fickling (pip)
- Garak (pip)
- Giskard (pip)
- Guardrails AI (pip)
- NeMo Guardrails (pip)
- Promptfoo (npm)
- picklescan (pip)

AI Tools (10)
- Claude Code (npm)
- DeepSeek TUI (cargo)
- DeepSeek TUI (npm)
- Gemini CLI (npm)
- Jupyter (pip)
- Jupyter Notebook (pip)
- Label Studio (pip)
- Microsoft APM (pip)
- PDFMathTranslate (pip)
- WPBot (pip)

LLM APIs (8)
- Anthropic Node (npm)
- Anthropic Python (pip)
- Cohere (pip)
- Google GenAI (pip)
- Mistral AI (pip)
- OpenAI Node (npm)
- OpenAI Python (pip)
- Vertex AI SDK (pip)

LLM Frameworks (15)
- ChuanhuChatGPT (pip)
- DSPy (pip)
- GPT Academic (pip)
- Haystack (pip)
- LLaMA Factory (pip)
- LangChain (pip)
- LangChain Community (pip)
- LangChain Core (pip)
- LangGraph (pip)
- Langflow (pip)
- Llama Stack (pip)
- LlamaIndex (pip)
- LlamaIndex (pip)
- LlamaIndex Core (pip)
- Semantic Kernel (pip)

LLM Inference (7; entries not listed on this page)

ML Data (2; entries not listed on this page)

ML Libraries (26)
- Accelerate (pip)
- Diffusers (pip)
- ExecuTorch (pip)
- H2O (pip)
- H2O XGBoost (maven)
- JAX (pip)
- Keras (pip)
- LightGBM (pip)
- MLX (pip)
- MONAI (pip)
- ONNX (pip)
- ONNX Runtime (pip)
- PEFT (pip)
- PyTorch (pip)
- PyTorch Lightning (pip)
- Safetensors (pip)
- Sentence Transformers (pip)
- TRL (pip)
- TensorFlow (pip)
- Tokenizers (pip)
- TorchGeo (pip)
- Transformers (pip)
- XGBoost (pip)
- XGrammar (pip)
- scikit-learn (pip)
- spaCy (pip)

MLOps (11)
- BentoML (pip)
- ClearML (pip)
- DVC (pip)
- InstructLab (pip)
- LLaMA Factory (pip)
- MLflow (pip)
- MS Swift (pip)
- Ray (pip)
- SageMaker (pip)
- Weights & Biases (pip)
- skops (pip)

ML UI (7; entries not listed on this page)

Vector DBs (7; entries not listed on this page)
Frequently asked questions
What AI/ML packages does AI Threat Alert track?
AI Threat Alert tracks 125 AI/ML packages — LLM frameworks, ML libraries, vector databases, agent platforms, and inference servers — across the PyPI and npm ecosystems, grouped by category and ranked by CVE count.
How many AI package vulnerabilities are tracked?
2,398 known CVEs across the tracked AI/ML packages, updated as new advisories are published.
Which package ecosystems are covered?
Coverage spans the PyPI (Python) and npm (JavaScript) ecosystems, where most AI/ML libraries, frameworks, and tooling are distributed.
How is each package's risk scored?
Each package carries a risk score derived from its CVE count, severity distribution, and number of critical vulnerabilities, so the highest-risk dependencies surface first.
Where does the package vulnerability data come from?
Vulnerability data is sourced from NVD and GitHub Advisory and cross-referenced with package metadata from PyPI, npm, and deps.dev.
Monitor your AI stack
Get real-time alerts when new vulnerabilities affect the AI/ML packages in your stack. Filter by severity, and get CISO analysis and compliance mappings.