AI Vulnerabilities by Vendor

Browse AI/ML vulnerabilities by the vendor that ships them. AI Threat Alert tracks 1,314 CVEs across 121 vendors — foundation-model providers, framework maintainers, and AI tooling companies including OpenAI, Anthropic, Google, Meta, Microsoft, and Hugging Face — with 198 critical issues, so you can see which vendors carry the most AI security exposure.

Vendor CVEs Critical
google 432 17
OpenClaw 224 11
n8n 64 16
lfprojects 49 10
gradio_project 47 7
langchain 35 20
flowiseai 33 9
linuxfoundation 31 4
vllm 31 7
huggingface 30 3
Red Hat 25 1
Flowise 22 8
langflow 19 7
ollama 19 1
opensuse 16 4
picklescan 14 7
n/a 13 4
opengeos 9 9
openclaw 9 2
oracle 7 7
keras 7 2
llamaindex 6 1
filamentphp 6 0
BerriAI 6 0
binary-husky 6 1
bentoml 5 3
Eliz Software 5 5
PraisonAI 5 0
litellm 5 1
Edimax 4 0
pytorch 4 2
quantumcloud 4 0
hiyouga 4 2
chatchat-space 3 1
mmaitre314 3 1
gaizhenbiao 3 1
openairinterface 3 0
pydantic 3 0
scikit-learn 3 1
snowflake 3 0
lightningai 3 2
leejet 2 0
pinpoint-apm 2 0
langchain-ai 2 0
taxopress 2 0
QR Menu Pro Smart Menu Systems 2 0
lollms 2 0
craftcms 2 0
ml-explore 2 1
FlowiseAI 2 0
intel 2 0
microsoft 2 1
mlflow 2 1
IBM 2 1
snorkel 2 0
sourcentis 1 0
suyogs 1 0
typebot 1 0
uapp 1 0
vasiliskerasiotis 1 1
vllm-project 1 1
webdigit 1 0
wolfSSL 1 0
x-d_lab 1 1
zanllp 1 0
Anthropic 1 0
zephyrproject-rtos 1 0
BSS Software 1 1
Chainlit 1 0
Elastic 1 0
Feast 1 1
ForceInjection 1 0
GST Electronics 1 1
Google Cloud 1 1
Grafana 1 0
Merkulove 1 0
Merkur Software 1 1
NTN Information Processing Services Computer Software Hardware Industry and Trade Ltd. Co. 1 1
NousResearch 1 0
Ollama AI 1 0
Oracle Corporation 1 1
PickleScan 1 0
QQBot 1 0
QuantumCloud 1 0
Siemens AG 1 0
Sony 1 0
Teknolojik Center Telecommunication Industry Trade Co. Ltd. 1 0
Vesta 1 1
agpt 1 0
aliasrobotics 1 1
allegroai 1 0
amazon 1 0
anthropic 1 0
astoundify 1 0
ays-pro 1 0
bylancer 1 1
chuanhuchatgpt_project 1 0
combust 1 1
dtwang 1 0
exo-explore 1 0
ffmpeg 1 0
gradio 1 0
hestiacp 1 0
hliu 1 0
humansignal 1 0
increments 1 0
keras-team 1 0
kvcache-ai 1 1
langflow-ai 1 0
langgenius 1 0
lobehub 1 0
marimo-team 1 0
mcp-tool-shop-org 1 1
mindsdb 1 0
mintplexlabs 1 0
nltk 1 0
open-webui 1 0
openai 1 0
openwebui 1 0
pgadmin.org 1 1
sillytavern 1 0

Frequently asked questions

Which AI vendors does AI Threat Alert track?

AI Threat Alert tracks 121 vendors that publish AI/ML models, frameworks, or tooling — including OpenAI, Anthropic, Google, Meta, Microsoft, and Hugging Face — ranked by the number of CVEs affecting their products.

How many AI vendor vulnerabilities are tracked?

1,314 AI/ML CVEs across 121 vendors, of which 198 are rated critical.

How are vendors ranked?

Vendors are ranked by total CVE count, with critical-severity issues highlighted, so the vendors with the largest AI security exposure surface first.

What counts as an AI vendor here?

Any organization whose AI/ML models, frameworks, libraries, or tools have tracked vulnerabilities — from foundation-model providers to open-source framework maintainers.

Where does the vendor CVE data come from?

Vendor vulnerability data is sourced from NVD and GitHub Advisory, then mapped to the specific AI/ML packages each vendor maintains.