lightgbm logo

lightgbm

#804 · by microsoft
infraserverlessGPU
3.24/ 5.00
trustedBeta
Mar 3, 2026 at 7:21 AM6 signals analysedNo manual reviews · fully automated
Trust Signal Breakdown
high3 sub-signals across 6 dimensions

CVEs, dependency health, and supply chain integrity

3 of 3 sub-signals with data

Known CVEs40%4.7

1 CVE(s) found — 0 unpatched

via OSV.dev

Dependency Health30%5.0

8 dependencies (minimal)

via npm / PyPI

Supply Chain30%4.8

35 transitive CVEs found (penalty: -0.25)

via npm provenance

Uptime, latency, error rates, and incident history

0 of 0 sub-signals with data

Commit recency, release cadence, issue response, CI/CD

0 of 0 sub-signals with data

Downloads, stars, dependents, and growth trajectory

0 of 0 sub-signals with data

License, documentation, security policy, changelog

0 of 0 sub-signals with data

Track record, org maturity, community standing

0 of 0 sub-signals with data

About this score
Scored across 3 sub-signals in 6 dimensionsScoring engine v1 (beta) — actively being expandedPhase 1: Core sub-signal architecture (live)Phase 2: Permission scope & expanded collection (in progress)
Trust AssessmentAI Assessment

Microsoft's fast gradient boosting framework for machine learning that handles large-scale data with efficient memory usage and high accuracy on tabular datasets.

Package Availability (30d)
100.00%
p50: 20ms · p99: 62ms
Avg Latency
28ms
averaged across 30d health checks
Weekly Downloads
no package registry data
Incidents & Alertslast 90 days
Mar 1Trust score decreased by 1.363.24
Feb 26Critical CVE detected — patched in v4.6.04.63
Feb 26Critical CVE detected — patched in v4.6.04.63
Feb 26Critical CVE detected — patched in v4.6.04.63
Feb 26Critical CVE detected — patched in v4.6.04.60
Feb 26Critical CVE detected — patched in v4.6.04.60
Showing 6 of 20 events
Score History90 snapshots
5.003.752.501.250.00
Feb 22Feb 26
Supply Chain & Dependenciestrust chain
cffi
pypi · >=1.15.1; extra == "arrow"
dask
pypi · * · 1 CVE1L
numpy
pypi · >=1.17.0 · 16 CVEs8L4H3M1C
pandas
pypi · >=0.24.0; extra == "pandas" · 1 CVE1L
pyarrow
pypi · >=6.0.1; extra == "arrow" · 7 CVEs4L2H1C
scikit-learn
pypi · >=0.24.2; extra == "scikit-learn" · 6 CVEs2L2H1M1C
Showing 6 of 7 dependencies
Data Sources6 indexed
OSV.devCVE database · vulnerability scanning for npm & PyPI packages
GitHub APICommits, issues, releases, repo metadata, transparency checks
npm RegistryPackage metadata, weekly downloads, maintainers, dependencies
PyPIPackage metadata, weekly downloads, dependency tree
HTTP Health Checks15-min pings · uptime, latency, status monitoring
PyPI StatsDownload statistics and trends
Version Historyscore per release
VERSIONRELEASEDSCOREDELTA
v4.6.0Feb 15, 20254.63
v4.5.0Jul 25, 20244.63
v4.4.0Jun 15, 20244.63
v4.3.0Jan 26, 20244.63
v4.2.0Dec 21, 20234.63
v4.1.0Sep 12, 20234.63
Showing 6 of 10 releases

Are you the publisher?

Claim this profile to unlock deeper evaluation, real-time monitoring,
and trust signals that help agents discover your service.

Share this Trust Score

Generate a scorecard image optimised for X, LinkedIn and other social platforms.

⬇ Download Score Card