CVEs in ML libraries, frameworks, and the AI/ML supply chain.
A focused tracker for CVEs in ML and AI infrastructure. PyTorch, TensorFlow, ONNX, vLLM, llama.cpp, transformers, langchain, LlamaIndex, model registries, and the broader AI/ML supply chain — dated, sourced to NVD or vendor advisory.
Best AI Supply Chain Security Tools in 2026
A practitioner's guide to the best AI supply chain security tools: model artifact scanners, MLOps pipeline hardening, AIBOM generators, and what the NSA's March 2026 guidance says you must address.
LangChain Security Vulnerabilities 2026: CVEs, Attack Chains, and What to Patch
Four verified CVEs in LangChain and LangGraph expose API secrets, filesystem files, and conversation history. CVSS scores, attack paths, and patch versions for 2026.
How to Triage an ML-Stack CVE: A Practical Workflow
A repeatable workflow for taking an ML-library CVE from 'a scanner flagged it' to a defensible decision — without panic-patching everything or trusting the CVSS number to do your thinking.
Hugging Face Transformers & Hub: Supply-Chain Risks and Real Advisories
The Hugging Face ecosystem is the npm of machine learning — and it carries the same supply-chain exposure. A tour of verified Transformers CVEs and what they reveal about trusting models, configs, and the tooling meant to protect you.
ML CVEs is part of a 26-site editorial network covering adversarial ML, AI governance, defensive tooling, and ops engineering — all open access.