AI/ML Package Security Tracker

AI Threat Alert tracks known vulnerabilities across 125 AI/ML packages (LLM frameworks, ML libraries, vector databases, agent platforms, and inference servers) spanning the PyPI and npm ecosystems. Packages are ranked by CVE count (2,398 known CVEs in total), severity, and a composite risk score, so the highest-risk dependencies in your AI stack surface first.

For each package you'll find:
  • CVE count
  • Severity breakdown
  • Risk score
  • Patch status
  • Ecosystem

AI Agents 21

AI Security 11

AI Tools 10

LLM APIs 8

LLM Frameworks 15

LLM Inference 7

ML Data 2

ML Libraries 26

MLOps 11

ML UI 7

Vector DBs 7

Frequently asked questions

What AI/ML packages does AI Threat Alert track?

AI Threat Alert tracks 125 AI/ML packages — LLM frameworks, ML libraries, vector databases, agent platforms, and inference servers — across the PyPI and npm ecosystems, grouped by category and ranked by CVE count.

How many AI package vulnerabilities are tracked?

2,398 known CVEs across the tracked AI/ML packages, updated as new advisories are published.

Which package ecosystems are covered?

Coverage spans the PyPI (Python) and npm (JavaScript) ecosystems, where most AI/ML libraries, frameworks, and tooling are distributed.

How is each package's risk scored?

Each package carries a risk score derived from its CVE count, severity distribution, and number of critical vulnerabilities, so the highest-risk dependencies surface first.

Where does the package vulnerability data come from?

Vulnerability data is sourced from NVD and GitHub Advisory and cross-referenced with package metadata from PyPI, npm, and deps.dev.

Monitor your AI stack

Get real-time alerts when new vulnerabilities affect the AI/ML packages in your stack. Filter by severity, and get CISO analysis and compliance mappings.