{"id":18894179,"url":"https://github.com/trailofbits/ml-file-formats","last_synced_at":"2026-02-27T07:30:14.254Z","repository":{"id":224660694,"uuid":"761926126","full_name":"trailofbits/ml-file-formats","owner":"trailofbits","description":"List of ML file formats","archived":false,"fork":false,"pushed_at":"2024-03-05T18:02:49.000Z","size":51,"stargazers_count":43,"open_issues_count":2,"forks_count":8,"subscribers_count":5,"default_branch":"main","last_synced_at":"2024-12-31T07:24:33.472Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/trailofbits.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-02-22T18:42:32.000Z","updated_at":"2024-12-16T14:16:25.000Z","dependencies_parsed_at":"2024-12-31T07:23:30.267Z","dependency_job_id":"752543ee-8a13-4b02-a938-686403432382","html_url":"https://github.com/trailofbits/ml-file-formats","commit_stats":null,"previous_names":["trailofbits/ml-file-formats"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%2Fml-file-formats","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%2Fml-file-formats/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%2Fml-file-formats/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%2Fml-file-formats/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHu
b/owners/trailofbits","download_url":"https://codeload.github.com/trailofbits/ml-file-formats/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239869218,"owners_count":19710485,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-08T08:19:40.732Z","updated_at":"2026-02-27T07:30:14.217Z","avatar_url":"https://github.com/trailofbits.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# List of ML File Formats\n\nThis repository lists file formats used in ML/AI systems. It can be used as a resource for tool development and vulnerability research. We aim to keep this list as up-to-date and accurate as possible. 
If you discover any missing file formats, inaccuracies, or if you have more details to contribute, please raise an [issue](https://github.com/trailofbits/ml-file-formats/issues) or submit a [pull request](https://github.com/trailofbits/ml-file-formats/pulls).\n\n\n| Name                                                                                                                                                                                                                 | ML-specific | Framework/Organization (if applicable) | Identification Tooling | Extensions              | Additional Notes                                                                                                                                      |\n| -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | -------------------------------------- | ------------------------- | ----------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------- |\n| [PyTorch v1.3](https://github.com/pytorch/pytorch/issues/31877)                                                                                                                                                      | Yes         | PyTorch                                | Fickling            | .pt, .pth, .bin         | Description: ZIP file containing data.pkl (1 pickle file)                                                                                             |\n| [PyTorch v0.1.1](https://github.com/pytorch/pytorch/issues/31877)                                                                                                                                                    | Yes         | PyTorch                                | Fickling            | .pt, .pth, 
.bin         | Description: Tar file with sys_info, pickle, storages, and tensors                                                                                    |\n| [PyTorch v0.1.10](https://github.com/pytorch/pytorch/issues/31877)                                                                                                                                                   | Yes         | PyTorch                                | Fickling            | .pt, .pth, .bin         | Description: Stacked pickle files                                                                                                                     |\n| [TorchScript v1.4](https://github.com/pytorch/pytorch/issues/31877)                                                                                                                                                  | Yes         | PyTorch                                | Fickling            | .pt, .pth, .bin         | Description: ZIP file with data.pkl, constants.pkl, and version (2 pickle files and a folder)                                                         |\n| [TorchScript v1.3 (deprecated)](https://github.com/pytorch/pytorch/issues/31877)                                                                                                                                     | Yes         | PyTorch                                | Fickling            | .pt, .pth, .bin         | Description: ZIP file with data.pkl and constants.pkl (2 pickle files)                                                                                |\n| [TorchScript v1.1 (deprecated)](https://github.com/pytorch/pytorch/issues/31877)                                                                                                                                     | Yes         | PyTorch                                | Fickling            | .pt, .pth, .bin         | Description: ZIP file with model.json and attributes.pkl (a JSON file and a pickle file)     
                                                          |\n| [TorchScript v1.0 (deprecated)](https://github.com/pytorch/pytorch/issues/31877)                                                                                                                                     | Yes         | PyTorch                                | Fickling            | .pt, .pth, .bin         | Description: ZIP file with model.json                                                            |\n| [PyTorch model archive format [ZIP]](https://github.com/pytorch/serve/tree/master/model-archiver#artifact-details)                                                                                                   | Yes         | PyTorch                                | Fickling            | .mar                    | Description: ZIP file that includes Python code files and pickle files                                                                                |\n| [PyTorch model archive format [TAR]](https://github.com/pytorch/serve/tree/master/model-archiver#artifact-details)                                                                                                   | Yes         | PyTorch                                | -                        | .mar                    | Description: TAR file that includes Python code files and pickle files                                                                                |\n| [PyTorch Package](https://pytorch.org/docs/stable/package.html)                                                                                                                                                      | Yes         | PyTorch                                | -                        | .pt, .pth, .bin         | Description: ZIP file that includes a pickled model, user files represented as a Python package, and framework files including serialized tensor data |\n| [ExecuTorch](https://pytorch.org/executorch/main/pte-file-format.html)                  
                                                                                                                             | Yes         | PyTorch                                | -                        | .pte                    | Description: Modified binary flatbuffer file with optional data segments appended                                                                     |\n| [Torch.export](https://pytorch.org/docs/stable/export.html)                                                                                                                                                          | Yes         | PyTorch                                | -                        | .pt2                    | Description: ZIP file with JSON files and Python code file                                                                                            |\n| [PyTorch Mobile](https://pytorch.org/tutorials/recipes/mobile_perf.html?highlight=mobile)                                                                                                                            | Yes         | PyTorch                                | -                        | .ptl                    | Description: Modified binary flatbuffer file                                                                                                          |\n| [Safetensors](https://github.com/huggingface/safetensors)                                                                                                                                                            | Yes         | -                            | PolyFile    | .safetensors            | [Refer to our audit](https://github.com/trailofbits/publications/blob/master/reviews/2023-03-eleutherai-huggingface-safetensors-securityreview.pdf)   |\n| [ONNX](https://github.com/onnx/onnx)                                                                                                                                                                   
              | Yes         | -                            | -                        | .onnx                   | [Refer to LobotoMl](https://github.com/alkaet/LobotoMl)                                                                                               |\n| [Keras native file format](https://keras.io/guides/serialization_and_saving/#saving)                                                                                                                                 | Yes         | Keras                                  | -                        | .keras                  | Description: ZIP archive with 2 JSON files and 1 h5 file                                                                                              |\n| [TensorFlow Saved Models](https://www.tensorflow.org/guide/saved_model)                                                                                                                                              | Yes         | TensorFlow                             | -                        | .pb                     | [Description: Custom Protobuf format. Can result in arbitrary code execution.](https://hiddenlayer.com/research/models-are-code/)                     |\n| [TensorFlow Checkpoint](https://www.tensorflow.org/guide/checkpoint)                                                                                                                                                 | Yes         | TensorFlow                             | -                        | .ckpt                   | [Description: Custom Protobuf format. 
Can result in arbitrary code execution.](https://hiddenlayer.com/research/models-are-code/)                     |\n| [TFLite](https://www.tensorflow.org/lite/guide)                                                                                                                                                                      | Yes         | TensorFlow                             | -                        | .tflite                 | Description: Modified binary flatbuffer file                                                                                                          |\n| [TFJS](https://www.tensorflow.org/js/guide/save_load)                                                                                                                                                                | Yes         | TensorFlow                             | -                        | \\-                      | Description: JSON file and binary file with weights. Technically not a singular file format.                                                          |\n| [TF1 Hub format (deprecated)](https://www.tensorflow.org/hub/tf1_hub_module#:~:text=The%20TF1%20Hub%20format%20is%20similar%20to%20the%20SavedModel%20format,different%20tagging%20conventions%20for%20metagraphs) | Yes         | TensorFlow                             | -                        | \\-                      | Description: Custom Protobuf format.                                                                                                                  
|\n| [Tensorizer](https://github.com/coreweave/tensorizer)                                                                                                                                                                | Yes         | CoreWeave                              | -                        | \\-                      | Not uncommon especially in private production systems                                                                                                 |\n| [TFRecords](https://www.tensorflow.org/tutorials/load_data/tfrecord)                                                                                                                                                 | Yes         | TensorFlow                             | -                        | .tfrecords              | Description: Wrapper around a Protocol Buffer                                                                                                         |\n| [NPY](https://numpy.org/devdocs/reference/generated/numpy.lib.format.html)                                                                                                                                           | Yes         | NumPy                                  | -                        | .npy                    | Used to integrate pickle by default as well.                                                                                                          |\n| [NPZ](https://docs.scipy.org/doc/numpy-1.9.3/reference/generated/numpy.savez.html#:~:text=compressed%20.npz%20archive-,The%20.,npy%20format.)                                                                        
| Yes         | NumPy                                  | -                        | .npz                    | Description: ZIP file of NPY files                                                                                                                    |\n| [GGUF](https://github.com/ggerganov/ggml/blob/master/docs/gguf.md)                                                                                                                                                   | Yes         | llama.cpp/GGML                         | -                        | .gguf                   | \\-                                                                                                                                                    |\n| [GGML](https://github.com/rustformers/llm/blob/main/crates/ggml/README.md)                                                                                                                                           | Yes         | llama.cpp/GGML                         | -                        | .ggml                   | \\-                                                                                                                                                    |\n| [GGMF (deprecated)](https://github.com/ggerganov/ggml/blob/master/docs/gguf.md#historical-state-of-affairs)                                                                                                          | Yes         | llama.cpp/GGML                         | -                        | .ggmf                   | \\-                                                                                                                                                    |\n| [GGJT (deprecated)](https://github.com/ggerganov/ggml/blob/master/docs/gguf.md#historical-state-of-affairs)                                                                                                          | Yes         | llama.cpp/GGML                         | -                        | 
.ggjt                   | \\-                                                                                                                                                    |\n| [NetCDF](https://www.unidata.ucar.edu/software/netcdf/)                                                                                                                                                              | Yes         | -                            | -                        | .nc                     | \\-                                                                                                                                                    |\n| [PMML](https://en.wikipedia.org/wiki/Predictive_Model_Markup_Language)                                                                                                                                               | Yes         | -                            | -                        | \\-                      | \\-                                                                                                                                                    |\n| [MLeap](https://github.com/combust/mleap)                                                                                                                                                                            | Yes         | Spark                                  | -                        | .mleap                  | \\-                                                                                                                                                    |\n| [CoreML](https://apple.github.io/coremltools/mlmodel/index.html)                                                                                                                                                     | Yes         | Apple                                  | -                        | .coreml                 | \\-                                                                          
                                                                          |\n| MLFlow Format                                                                                                                                                                                                        | Yes         | MLFlow                                 | -                        | \\-                      | \\-                                                                                                                                                    |\n| MLFlow TensorSpec input format                                                                                                                                                                                       | Yes         | MLFlow                                 | -                        | \\-                      | \\-                                                                                                                                                    |\n| [SurrealML](https://github.com/surrealdb/surrealml)                                                                                                                                                                  | Yes         | SurrealDB                              | -                        | .surml                  | \\-                                                                                                                                                    |\n| [Llamafile](https://github.com/Mozilla-Ocho/llamafile?tab=readme-ov-file)                                                                                                                                            | Yes         | -                            | -                        | .llamafile              | \\-                                                                                                                                                    |\n| 
[.prompt](https://docs.humanloop.com/docs/prompt-file-format)                                                                                                                                                        | Yes         | HumanLoop                              | -                        | .prompt                 | \\-                                                                                                                                                    |\n| [Pickle](https://docs.python.org/3/library/pickle.html)                                                                                                                                                              | No          | Python                     | PolyFile                       | .pkl                    | [Refer to Fickling](https://github.com/trailofbits/fickling)                                                                                                                                     |\n| Joblib                                                                                                                                                                                                               | No          | -                            | PolyFile                       | \\-                      | \\-                                                                                                                                                    |\n| Nemo                                                                                                                                                                                                                 | Yes         | NVIDIA                                 | -                        | \\-                      | \\-                                                                                                                                                    |\n| Riva                                              
                                                                                                                                                                   | Yes         | NVIDIA                                 | -                        | \\-                      | \\-                                                                                                                                                    |\n| AVRO                                                                                                                                                                                                                 | No          | -                            | -                         | \\-                      | \\-                                                                                                                                                    |\n| PARQUET                                                                                                                                                                                                              | No          | -                            | -                         | \\-                      | \\-                                                                                                                                                    |\n| ORC                                                                                                                                                                                                                  | No          | -                            | -                        | \\-                      | \\-                                                                                                                                                    |\n| JSON                                                                                                                                                          
                                                       | No          | -                            | PolyFile                       | \\-                      | \\-                                                                                                                                                    |\n| CSV                                                                                                                                                                                                                  | No          | -                            | -                         | \\-                      | \\-                                                                                                                                                    |\n| Protocol Buffers                                                                                                                                                                                                     | No          | -                            | -                         | \\-                      | Usually an underlying file format                                                                                                                     |\n| HDF5                                                                                                                                                                                                                 | No          | -                            | -                        | .h5                     | \\-                                                                                                                                                    |\n| [Caffe](https://caffe.berkeleyvision.org/tutorial/net_layer_blob.html)                                                                                                                                               | Yes         | Caffe                                  | - 
                       | .caffemodel \u0026 .prototxt | Description: Protobuf-based file format                                                                                                               |\n| [ArmNN Flatbuffers](https://arm-software.github.io/armnn/20.02/serializers.xhtml#S8_serializer)                                                                                                                      | Yes         | ArmNN                                  | -                        | \\-                      | \\-                                                                                                                                                    |\n| [Cambricon](https://github.com/Cambricon/CNStream)                                                                                                                                                                   | Yes         | -                            | -                        | \\-                      | \\-                                                                                                                                                    |\n| [Circle](https://nnfw.readthedocs.io/_/downloads/en/latest/pdf/)                                                                                                                                                     | Yes         | -                            | -                        | \\-                      | \\-                                                                                                                                                    |\n| ZIP                                                                                                                                                                                                                  | No          | -                            | PolyFile                       | \\-                      | Usually an underlying file format                
                                                                                                     |\n| [CNTK v1 (deprecated)](https://learn.microsoft.com/en-us/cognitive-toolkit/cntk-library-api)                                                                                                                         | Yes         | Microsoft Cognitive Toolkit            | -                        | \\-                      | \\-                                                                                                                                                    |\n| [CNTK v2](https://learn.microsoft.com/en-us/cognitive-toolkit/cntk-library-api)                                                                                                                                      | Yes         | Microsoft Cognitive Toolkit            | -                        | \\-                      | Description: Protobuf-based file format                                                                                                               |\n| [Darknet](https://github.com/hank-ai/darknet)                                                                                                                                                                        | Yes         | [Hank.ai](http://hank.ai/) Darknet     | -                        | \\-                      | \\-                                                                                                                                                    |\n| [DL4J](https://deeplearning4j.konduit.ai/v/en-1.0.0-beta7/getting-started/cheat-sheet)                                                                                                                               | Yes         | DL4J                                   | -                        | \\-                      | Description: ZIP-based file format                                                                                                 
                   |\n| [Deep Learning Container (DLC)](https://developer.qualcomm.com/software/qualcomm-neural-processing-sdk/learning-resources/developing-apps-with-neural-processing-sdk/working-with-machine-learning)                  | Yes         | Qualcomm Neural Processing SDK         | -                        | .dlc                    | \\-                                                                                                                                                    |\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrailofbits%2Fml-file-formats","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftrailofbits%2Fml-file-formats","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrailofbits%2Fml-file-formats/lists"}