An Analysis of Software Vulnerabilities and Weaknesses in Machine Learning Libraries
Abstract
Research Context: This article investigates software vulnerabilities and weaknesses across 273 machine learning (ML) library repositories. Scientific and/or Practical Problem: The scientific problem lies in comprehensively mapping security issues within the rapidly expanding landscape of ML libraries. Practically, this research addresses the need for a scalable methodology to effectively track, collect, and correlate existing vulnerabilities and weaknesses in these libraries. Proposed Solution and/or Analysis: We propose a scalable methodology designed to track, collect, and correlate security issues by leveraging CVEs (Common Vulnerabilities and Exposures) and CWEs (Common Weakness Enumeration). Related IS Theory: This research draws upon Complexity Theory, recognizing the intricate interconnectedness of ML ecosystems, where a single change or vulnerability can trigger cascading and unpredictable effects throughout the entire system. Research Method: Our research employed an empirical software analysis approach, involving the mining of 273 machine learning library repositories. We utilized CodeQL and Dependabot as part of the methodology to systematically track, collect, and conduct an in-depth analysis of the interconnections between CWEs and CVEs related to identified vulnerabilities and weaknesses. Summary of Results: Our findings revealed various security flaws, including validation failures, access control issues, memory management errors, development flaws, path-traversal vulnerabilities, and cryptographic weaknesses. Notably, these included CWEs from the Top 25 Most Dangerous Software Weaknesses. These results underscore the critical need for proactive measures to enhance security and reliability within ML systems. 
Contributions and Impact to IS area: Contributions include an automated methodology for characterizing vulnerabilities and weaknesses in ML libraries, an analysis of vulnerabilities and weaknesses in 273 ML libraries, and a dataset of CVE/CWE interconnections for ML.
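The correlation step the abstract describes (dependency alerts per repository, resolved to CVEs, mapped to CWEs, then grouped into weakness categories and checked against the CWE Top 25) as an added illustrative example; this is not the paper's own tooling or dataset. The alert records, the CVE identifiers (placeholders) and the category grouping are constructed assumptions; the CWE identifiers are real entries, and the Top 25 set is only a labelled subset of the 2023 list.

```python
import json
from collections import Counter, defaultdict

# Constructed sample of Dependabot-style alerts (assumption: the real alert
# schema has more fields; only repo, package and CVE id are modelled here).
ALERTS_JSON = """
[
 {"repo": "org/ml-lib-a", "package": "example-pkg-1", "cve": "CVE-0000-0001"},
 {"repo": "org/ml-lib-a", "package": "example-pkg-2", "cve": "CVE-0000-0002"},
 {"repo": "org/ml-lib-b", "package": "example-pkg-1", "cve": "CVE-0000-0001"},
 {"repo": "org/ml-lib-c", "package": "example-pkg-3", "cve": "CVE-0000-0003"},
 {"repo": "org/ml-lib-c", "package": "example-pkg-4", "cve": "CVE-0000-0004"}
]
"""

# Constructed CVE -> CWE mapping (placeholder CVE ids; the CWE ids are real).
CVE_TO_CWE = {
    "CVE-0000-0001": ["CWE-22"],
    "CVE-0000-0002": ["CWE-20", "CWE-502"],
    "CVE-0000-0003": ["CWE-787"],
    "CVE-0000-0004": ["CWE-327"],
}

# Weakness categories named in the abstract, mapped to CWE ids
# (assumption: an illustrative grouping, not the paper's taxonomy).
CATEGORY = {
    "CWE-20": "validation", "CWE-502": "validation",
    "CWE-22": "path-traversal", "CWE-787": "memory-management",
    "CWE-327": "cryptographic", "CWE-862": "access-control",
}

# Assumption: a subset of the 2023 CWE Top 25, used to flag priority findings.
TOP25_SUBSET = {"CWE-20", "CWE-22", "CWE-502", "CWE-787", "CWE-862"}


def correlate(alerts_json: str, cve_to_cwe: dict) -> dict:
    """Return per-repo CWE sets, CWE counts (one per repo), category counts
    and the Top 25 hits; unmapped CVEs are kept visible as CWE-UNMAPPED."""
    per_repo = defaultdict(set)
    for alert in json.loads(alerts_json):
        for cwe in cve_to_cwe.get(alert["cve"], ["CWE-UNMAPPED"]):
            per_repo[alert["repo"]].add(cwe)
    cwe_counts = Counter(c for cwes in per_repo.values() for c in cwes)
    categories = Counter(CATEGORY.get(c, "other") for c in cwe_counts.elements())
    top25 = {c: n for c, n in cwe_counts.items() if c in TOP25_SUBSET}
    return {"per_repo": dict(per_repo), "cwe_counts": cwe_counts,
            "categories": categories, "top25": top25}


if __name__ == "__main__":
    result = correlate(ALERTS_JSON, CVE_TO_CWE)
    for repo, cwes in sorted(result["per_repo"].items()):
        print(repo, sorted(cwes))
    print("Top 25 hits:", result["top25"])
```

Counting each CWE once per repository (rather than once per alert) is what makes the counts comparable across libraries of different sizes.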
