LibVulnWatch: Vulnerability Assessment Leaderboard

LibVulnWatch – Continuous, Multi-Domain Risk Scoring for AI Libraries

As presented at the ACL 2025 Student Research Workshop and the ICML 2025 Technical AI Governance (TAIG) workshop, LibVulnWatch provides an evidence-based, end-to-end pipeline that uncovers hidden vulnerabilities in open-source AI libraries across five governance-aligned domains:

License Validation – compatibility, provenance, obligations
Security Assessment – CVEs, patch latency, exploit primitives
Maintenance Health – bus-factor, release cadence, contributor diversity
Dependency Management – transitive risk, SBOM completeness
Regulatory Compliance – privacy/export controls, policy documentation

In the paper we apply the framework to 20 popular libraries, achieving 88 % coverage of OpenSSF Scorecard checks and surfacing up to 19 previously-unreported risks per library.
Lower scores indicate lower risk, and the Trust Score is the equal-weight average of the five domains.

{
  • "headers": [
    • "assessment_id",
    • "Type",
    • "T",
    • "Language",
    • "Framework",
    • "Library",
    • "Version",
    • "Trust Score",
    • "License",
    • "GitHub ⭐",
    • "Last Update",
    • "Verified",
    • "Active Maintenance",
    • "Report",
    • "License Rating",
    • "Security Rating",
    • "Maintenance Rating",
    • "Dependency Rating",
    • "Regulatory Rating",
    • "_languages_list",
    • "_maintenance_filter"
    ],
  • "data": [
    • [
      • "pydantic_pydantic-ai_v0.3.2",
      • "Agent Framework",
      • "⭕",
      • "Python",
      • "Agent Framework",
      • "<a href="https://github.com/pydantic/pydantic-ai" target="_blank">pydantic/pydantic-ai</a>",
      • "v0.3.2",
      • 3,
      • "MIT",
      • 10400,
      • "2024-06-08",
      • true,
      • true,
      • "<a href="https://981526092.github.io/LibVulnWatch/pydantic_pydantic-ai_v0.3.2.html" target="_blank">View Report</a>",
      • 5,
      • 3,
      • 3,
      • 2,
      • 2,
      • [
        • "Python"
        ],
      • "Active"
      ],
    • [
      • "browser-use_browser-use_v0.3.2",
      • "Agent Framework",
      • "⭕",
      • "Python",
      • "Agent Framework",
      • "<a href="https://github.com/browser-use/browser-use" target="_blank">browser-use/browser-use</a>",
      • "v0.3.2",
      • 3,
      • "MIT",
      • 3200,
      • "2024-06-09",
      • true,
      • true,
      • "<a href="https://981526092.github.io/LibVulnWatch/browser_use_browser-use_v0.3.2.html" target="_blank">View Report</a>",
      • 5,
      • 3,
      • 3,
      • 2,
      • 2,
      • [
        • "Python"
        ],
      • "Active"
      ],
    • [
      • "jax-ml_jax_v0.4.23",
      • "ML Framework",
      • "🟢",
      • "Python",
      • "ML Framework",
      • "<a href="https://github.com/jax-ml/jax" target="_blank">jax-ml/jax</a>",
      • "v0.4.23",
      • 2.8,
      • "Apache-2.0",
      • 32604,
      • "2024-06-24",
      • true,
      • true,
      • "<a href="https://981526092.github.io/LibVulnWatch/jax-ml_jax_v0.4.23.html" target="_blank">View Report</a>",
      • 5,
      • 3,
      • 4,
      • 1,
      • 1,
      • [
        • "Python"
        ],
      • "Active"
      ],
    • [
      • "huggingface_transformers_v4.52.4",
      • "ML Framework",
      • "🟢",
      • "Python",
      • "ML Framework",
      • "<a href="https://github.com/huggingface/transformers" target="_blank">huggingface/transformers</a>",
      • "v4.52.4",
      • 2.8,
      • "Apache-2.0",
      • 146000,
      • "2024-06-22",
      • true,
      • true,
      • "<a href="https://981526092.github.io/LibVulnWatch/huggingface_transformers_v4.52.4.html" target="_blank">View Report</a>",
      • 5,
      • 1,
      • 4,
      • 1,
      • 3,
      • [
        • "Python"
        ],
      • "Active"
      ],
    • [
      • "tensorflow_tensorflow_v2.19.0",
      • "ML Framework",
      • "🟢",
      • "C++/Python",
      • "ML Framework",
      • "<a href="https://github.com/tensorflow/tensorflow" target="_blank">tensorflow/tensorflow</a>",
      • "v2.19.0",
      • 2.6,
      • "Apache-2.0",
      • 190000,
      • "2024-06-23",
      • true,
      • true,
      • "<a href="https://981526092.github.io/LibVulnWatch/tensorflow_tensorflow_v2.19.0.html" target="_blank">View Report</a>",
      • 5,
      • 1,
      • 3,
      • 1,
      • 3,
      • [
        • "C++",
        • "Python"
        ],
      • "Active"
      ],
    • [
      • "pytorch_pytorch_v2.7.1",
      • "ML Framework",
      • "🟢",
      • "C++/Python",
      • "ML Framework",
      • "<a href="https://github.com/pytorch/pytorch" target="_blank">pytorch/pytorch</a>",
      • "v2.7.1",
      • 2.6,
      • "BSD-3-Clause",
      • 91000,
      • "2024-06-25",
      • true,
      • true,
      • "<a href="https://981526092.github.io/LibVulnWatch/pytorch_pytorch_v2.7.1.html" target="_blank">View Report</a>",
      • 5,
      • 1,
      • 3,
      • 1,
      • 3,
      • [
        • "C++",
        • "Python"
        ],
      • "Active"
      ],
    • [
      • "onnx_onnx_v1.18.0",
      • "ML Framework",
      • "🟢",
      • "C++/Python",
      • "ML Framework",
      • "<a href="https://github.com/onnx/onnx" target="_blank">onnx/onnx</a>",
      • "v1.18.0",
      • 2.6,
      • "MIT",
      • 19100,
      • "2024-06-22",
      • true,
      • true,
      • "<a href="https://981526092.github.io/LibVulnWatch/onnx_onnx_v1.18.0.html" target="_blank">View Report</a>",
      • 4,
      • 3,
      • 3,
      • 1,
      • 2,
      • [
        • "C++",
        • "Python"
        ],
      • "Active"
      ],
    • [
      • "run-llama_llama_index_v0.12.43",
      • "LLM Orchestration",
      • "🟣",
      • "Python",
      • "LLM Orchestration",
      • "<a href="https://github.com/run-llama/llama_index" target="_blank">run-llama/llama_index</a>",
      • "v0.12.43",
      • 2.4,
      • "MIT",
      • 42500,
      • "2024-06-20",
      • true,
      • true,
      • "<a href="https://981526092.github.io/LibVulnWatch/run-llama_llama_index_v0.12.43.html" target="_blank">View Report</a>",
      • 4,
      • 2,
      • 3,
      • 1,
      • 2,
      • [
        • "Python"
        ],
      • "Active"
      ],
    • [
      • "google_adk-python_v1.4.2",
      • "Agent Framework",
      • "⭕",
      • "Python",
      • "Agent Framework",
      • "<a href="https://github.com/google/adk-python" target="_blank">google/adk-python</a>",
      • "v1.4.2",
      • 2.4,
      • "MIT",
      • 3800,
      • "2024-06-07",
      • true,
      • true,
      • "<a href="https://981526092.github.io/LibVulnWatch/google_adk-python_v1.4.2.html" target="_blank">View Report</a>",
      • 4,
      • 2,
      • 3,
      • 1,
      • 2,
      • [
        • "Python"
        ],
      • "Active"
      ],
    • [
      • "vllm-project_vllm_v0.9.1",
      • "LLM Inference",
      • "🟦",
      • "Python/CUDA",
      • "LLM Inference",
      • "<a href="https://github.com/vllm-project/vllm" target="_blank">vllm-project/vllm</a>",
      • "v0.9.1",
      • 2.2,
      • "Apache-2.0",
      • 50600,
      • "2024-06-18",
      • true,
      • true,
      • "<a href="https://981526092.github.io/LibVulnWatch/vllm-project_vllm_v0.9.1.html" target="_blank">View Report</a>",
      • 4,
      • 2,
      • 3,
      • 1,
      • 1,
      • [
        • "Python",
        • "CUDA"
        ],
      • "Active"
      ],
    • [
      • "nvidia_TensorRT_v10.12.0",
      • "ML Framework",
      • "🟢",
      • "C++/Python",
      • "ML Framework Inference",
      • "<a href="https://github.com/nvidia/tensorrt" target="_blank">nvidia/TensorRT</a>",
      • "v10.12.0",
      • 2.2,
      • "Proprietary with Open Components",
      • 11700,
      • "2024-06-21",
      • true,
      • true,
      • "<a href="https://981526092.github.io/LibVulnWatch/nvidia_tensorrt_v10.12.0.html" target="_blank">View Report</a>",
      • 3,
      • 2,
      • 3,
      • 1,
      • 2,
      • [
        • "C++",
        • "Python"
        ],
      • "Active"
      ],
    • [
      • "sgl-project_sglang_v0.4.7",
      • "LLM Inference",
      • "🟦",
      • "Python/C++",
      • "LLM Inference",
      • "<a href="https://github.com/sgl-project/sglang" target="_blank">sgl-project/sglang</a>",
      • "v0.4.7",
      • 2.2,
      • "Apache-2.0",
      • 15400,
      • "2024-06-19",
      • true,
      • true,
      • "<a href="https://981526092.github.io/LibVulnWatch/sgl-project_sglang_v0.4.7.html" target="_blank">View Report</a>",
      • 4,
      • 2,
      • 3,
      • 1,
      • 1,
      • [
        • "Python",
        • "C++"
        ],
      • "Active"
      ],
    • [
      • "langchain-ai_langchain_v0.3.66",
      • "LLM Orchestration",
      • "🟣",
      • "Python",
      • "LLM Orchestration",
      • "<a href="https://github.com/langchain-ai/langchain" target="_blank">langchain-ai/langchain</a>",
      • "v0.3.66",
      • 2.2,
      • "MIT",
      • 111000,
      • "2024-06-17",
      • true,
      • true,
      • "<a href="https://981526092.github.io/LibVulnWatch/langchain-ai_langchain_v0.3.66.html" target="_blank">View Report</a>",
      • 5,
      • 1,
      • 1,
      • 1,
      • 3,
      • [
        • "Python"
        ],
      • "Active"
      ],
    • [
      • "crewAIInc_crewAI_v0.130.0",
      • "Agent Framework",
      • "⭕",
      • "Python",
      • "Agent Framework",
      • "<a href="https://github.com/crewaiinc/crewai" target="_blank">crewAIInc/crewAI</a>",
      • "v0.130.0",
      • 2.2,
      • "MIT",
      • 8200,
      • "2024-06-15",
      • true,
      • true,
      • "<a href="https://981526092.github.io/LibVulnWatch/crewaiinc_crewai_v0.130.0.html" target="_blank">View Report</a>",
      • 5,
      • 1,
      • 3,
      • 1,
      • 1,
      • [
        • "Python"
        ],
      • "Active"
      ],
    • [
      • "huggingface_smolagents_v1.19.0",
      • "Agent Framework",
      • "⭕",
      • "Python",
      • "Agent Framework",
      • "<a href="https://github.com/huggingface/smolagents" target="_blank">huggingface/smolagents</a>",
      • "v1.19.0",
      • 2,
      • "MIT",
      • 20500,
      • "2024-06-12",
      • true,
      • true,
      • "<a href="https://981526092.github.io/LibVulnWatch/huggingface_smolagents_v1.19.0.html" target="_blank">View Report</a>",
      • 4,
      • 2,
      • 2,
      • 1,
      • 1,
      • [
        • "Python"
        ],
      • "Active"
      ],
    • [
      • "FoundationAgents_MetaGPT_v0.8.1",
      • "Agent Framework",
      • "⭕",
      • "Python",
      • "Agent Framework",
      • "<a href="https://github.com/foundationagents/metagpt" target="_blank">FoundationAgents/MetaGPT</a>",
      • "v0.8.1",
      • 2,
      • "MIT",
      • 56700,
      • "2024-06-14",
      • true,
      • true,
      • "<a href="https://981526092.github.io/LibVulnWatch/foundationagents_metagpt_v0.8.1.html" target="_blank">View Report</a>",
      • 4,
      • 2,
      • 2,
      • 1,
      • 1,
      • [
        • "Python"
        ],
      • "Active"
      ],
    • [
      • "ComposableHQ_composio_v0.7.19",
      • "Agent Framework",
      • "⭕",
      • "Python",
      • "Agent Framework",
      • "<a href="https://github.com/composablehq/composio" target="_blank">ComposableHQ/composio</a>",
      • "v0.7.19",
      • 2,
      • "MIT",
      • 1200,
      • "2024-06-10",
      • true,
      • true,
      • "<a href="https://981526092.github.io/LibVulnWatch/ComposableHQ_composio_v0.7.19.html" target="_blank">View Report</a>",
      • 4,
      • 2,
      • 2,
      • 1,
      • 1,
      • [
        • "Python"
        ],
      • "Active"
      ],
    • [
      • "browserbase_stagehand_v2.3.1",
      • "Agent Framework",
      • "⭕",
      • "Python",
      • "Agent Framework",
      • "<a href="https://github.com/browserbase/stagehand" target="_blank">browserbase/stagehand</a>",
      • "v2.3.1",
      • 2,
      • "Apache-2.0 with Commons Clause",
      • 12800,
      • "2024-06-11",
      • true,
      • true,
      • "<a href="https://981526092.github.io/LibVulnWatch/browserbase_stagehand_v2.3.1.html" target="_blank">View Report</a>",
      • 3,
      • 2,
      • 3,
      • 1,
      • 1,
      • [
        • "Python"
        ],
      • "Active"
      ],
    • [
      • "huggingface_text-generation-inference_v3.3.4",
      • "LLM Inference",
      • "🟦",
      • "Rust/Python",
      • "LLM Inference",
      • "<a href="https://github.com/huggingface/text-generation-inference" target="_blank">huggingface/text-generation-inference</a>",
      • "v3.3.4",
      • 1.8,
      • "Apache-2.0",
      • 10200,
      • "2024-06-16",
      • true,
      • true,
      • "<a href="https://981526092.github.io/LibVulnWatch/huggingface_text-generation-inference_v3.3.4.html" target="_blank">View Report</a>",
      • 3,
      • 2,
      • 2,
      • 1,
      • 1,
      • [
        • "Rust",
        • "Python"
        ],
      • "Active"
      ],
    • [
      • "langchain-ai_langgraph_v2.1.0",
      • "Agent Framework",
      • "⭕",
      • "Python",
      • "Agent Framework",
      • "<a href="https://github.com/langchain-ai/langgraph" target="_blank">langchain-ai/langgraph</a>",
      • "v2.1.0",
      • 1.6,
      • "Proprietary",
      • 14700,
      • "2024-06-13",
      • true,
      • true,
      • "<a href="https://981526092.github.io/LibVulnWatch/langchain-ai_langgraph_v2.1.0.html" target="_blank">View Report</a>",
      • 1,
      • 1,
      • 4,
      • 1,
      • 1,
      • [
        • "Python"
        ],
      • "Active"
      ]
    ],
  • "metadata": null
}