Deep learning (DL) frameworks such as TensorFlow and PyTorch have powered major AI advancements, yet their reliance on third-party libraries introduces critical, understudied security risks. This paper examines dependency management in these frameworks, focusing on dependency characteristics, associated vulnerabilities, and mitigation strategies. We analyze 448 libraries, 8,641 dependency-related commits, and 72 vulnerabilities, using GitHub APIs, official package sites, NVD/CWE databases, and a developer survey. Our findings show that while both frameworks share similar dependency types, PyTorch has more dependencies with less frequent updates. Both exhibit substantial vulnerabilities—42 in TensorFlow and 30 in PyTorch—almost half of which are high or critical severity, many unresolved. Notably, cumulative vulnerability exposure events reach 9,653 for TensorFlow and 627 for PyTorch, largely due to repeated removal and reintroduction of vulnerable dependencies. We also reveal that most security fixes occur incidentally alongside dependency optimization or compatibility improvements. Only 12% of changes explicitly address security, despite 90% of developers acknowledging its importance, reflecting limited experience, over-reliance on dependencies, and unclear accountability. This study sheds light on dependency management practices in DL frameworks, highlighting critical security risks and offering actionable guidance to strengthen DL ecosystem security and resilience.
Tan et al. (Fri,) studied this question.