AI Vulnerabilities by Vendor

Browse AI/ML vulnerabilities by the vendor that ships them. AI Threat Alert tracks 1,385 CVEs across 130 vendors — foundation-model providers, framework maintainers, and AI tooling companies including OpenAI, Anthropic, Google, Meta, Microsoft, and Hugging Face — with 201 critical issues, so you can see which vendors carry the most AI security exposure.

Vendor CVEs Critical
google 432 17
OpenClaw 225 11
n8n 72 16
lfprojects 49 10
gradio_project 47 7
langchain 35 20
flowiseai 33 9
vllm 31 7
linuxfoundation 31 4
huggingface 30 3
openclaw 27 3
Red Hat 25 1
Flowise 23 9
ollama 20 1
open-webui 20 0
langflow 19 7
opensuse 16 4
picklescan 14 7
n/a 13 4
MervinPraison 11 0
opengeos 9 9
oracle 7 7
keras 7 2
BerriAI 6 0
binary-husky 6 1
filamentphp 6 0
llamaindex 6 1
Eliz Software 5 5
litellm 5 1
PraisonAI 5 0
bentoml 5 3
hiyouga 4 2
Edimax 4 0
pytorch 4 2
quantumcloud 4 0
openairinterface 3 0
lightningai 3 2
chatchat-space 3 1
mmaitre314 3 1
pydantic 3 0
scikit-learn 3 1
snowflake 3 0
gaizhenbiao 3 1
Chainlit 2 0
FlowiseAI 2 0
snorkel 2 0
intel 2 0
langchain-ai 2 0
mlflow 2 1
taxopress 2 0
Apache Software Foundation 2 0
ml-explore 2 1
craftcms 2 0
microsoft 2 1
LXware 2 0
QR Menu Pro Smart Menu Systems 2 0
lollms 2 0
leejet 2 0
pinpoint-apm 2 0
keras-team 2 0
IBM 2 1
vasiliskerasiotis 1 1
vllm-project 1 1
webdigit 1 0
wolfSSL 1 0
x-d_lab 1 1
yashbhalgat 1 0
zanllp 1 0
Anthropic 1 0
zephyrproject-rtos 1 0
BSS Software 1 1
Elastic 1 0
Feast 1 1
Flux159 1 1
ForceInjection 1 0
GST Electronics 1 1
Google Cloud 1 1
Grafana 1 0
HKUDS 1 0
Merkulove 1 0
Merkur Software 1 1
NTN Information Processing Services Computer Software Hardware Industry and Trade Ltd. Co. 1 1
NousResearch 1 0
Ollama AI 1 0
Oracle Corporation 1 1
PickleScan 1 0
QQBot 1 0
QuantumCloud 1 0
Siemens AG 1 0
Sony 1 0
Teknolojik Center Telecommunication Industry Trade Co. Ltd. 1 0
Vesta 1 1
agpt 1 0
aliasrobotics 1 1
allegroai 1 0
amazon 1 0
anthropic 1 0
astoundify 1 0
ays-pro 1 0
bylancer 1 1
chuanhuchatgpt_project 1 0
combust 1 1
crewai 1 0
dtwang 1 0
exo-explore 1 0
ffmpeg 1 0
gradio 1 0
hestiacp 1 0
hliu 1 0
humansignal 1 0
increments 1 0
kvcache-ai 1 1
langflow-ai 1 0
langgenius 1 0
lobehub 1 0
marimo-team 1 0
matrixaddons 1 0
mcp-tool-shop-org 1 1
mindsdb 1 0
mintplexlabs 1 0
nltk 1 0
openai 1 0
openwebui 1 0
pgadmin.org 1 1
sillytavern 1 0
siyuan-note 1 0
sourcentis 1 0
suyogs 1 0
typebot 1 0
uapp 1 0

Frequently asked questions

Which AI vendors does AI Threat Alert track?

AI Threat Alert tracks 130 vendors that publish AI/ML models, frameworks, or tooling — including OpenAI, Anthropic, Google, Meta, Microsoft, and Hugging Face — ranked by the number of CVEs affecting their products.

How many AI vendor vulnerabilities are tracked?

1,385 AI/ML CVEs across 130 vendors, of which 201 are rated critical.

How are vendors ranked?

Vendors are ranked by total CVE count, with critical-severity issues highlighted, so the vendors with the largest AI security exposure surface first.

What counts as an AI vendor here?

Any organization whose AI/ML models, frameworks, libraries, or tools have tracked vulnerabilities — from foundation-model providers to open-source framework maintainers.

Where does the vendor CVE data come from?

Vendor vulnerability data is sourced from NVD and GitHub Advisory, then mapped to the specific AI/ML packages each vendor maintains.