14329 matches found
CVE-2020-26269
In TensorFlow release candidate versions 2.4.0rc, the general implementation for matching filesystem paths to globbing pattern is vulnerable to an access out of bounds of the array holding the directories. There are multiple invariants and preconditions that are assumed by the parallel...
CVE-2020-15199
In Tensorflow before version 2.3.1, the RaggedCountSparseOutput does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the splits tensor has the minimum required number of elements. Code uses this quantity to initialize a different data...
CVE-2020-15197
In Tensorflow before version 2.3.1, the SparseCountSparseOutput implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the indices tensor has rank 2. This tensor must be a matrix because code assumes its elements are access...
CVE-2018-21233
TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds read, possibly causing disclosure of the contents of process memory. This occurs in the DecodeBmp feature of the BMP decoder in core/kernels/decodebmpop.cc...
Leveraging Large Language Models for Command Injection Vulnerability Analysis in Python: an Empirical Study on Popular Open-Source Projects
Command injection vulnerabilities are a significant security threat in dynamic languages like Python, particularly in widely used open-source projects where security issues can have extensive impact. With the proven effectiveness of Large Language Models (LLMs) in code-related tasks, such as testing...
CVE-2025-47287 vulnerabilities
Vulnerabilities for packages: grafana-oncall, airflow, jupyter-base-notebook, tensorflow-cpu-jupyter, kubeflow-pipelines-visualization-server, dask-kubernetes...
GHSA-7CX3-6M66-7C5M vulnerabilities
Vulnerabilities for packages: grafana-oncall, airflow, jupyter-base-notebook, tensorflow-cpu-jupyter, kubeflow-pipelines-visualization-server, dask-kubernetes...
CVE-2025-47287 vulnerabilities
Vulnerabilities for packages: grafana-oncall, dask-kubernetes, kubeflow-pipelines-visualization-server, airflow, tensorflow-cpu-jupyter, jupyter-base-notebook...
GHSA-7CX3-6M66-7C5M vulnerabilities
Vulnerabilities for packages: grafana-oncall, dask-kubernetes, kubeflow-pipelines-visualization-server, airflow, tensorflow-cpu-jupyter, jupyter-base-notebook...
CVE-2025-0649
Incorrect JSON input stringification in Google's Tensorflow serving versions up to 2.18.0 allows for potentially unbounded recursion leading to server crash...
DEBIAN-CVE-2025-0649
Incorrect JSON input stringification in Google's Tensorflow serving versions up to 2.18.0 allows for potentially unbounded recursion leading to server crash...
CVE-2025-0649 Stack Exhaustion In Tensorflow Serving
Incorrect JSON input stringification in Google's Tensorflow serving versions up to 2.18.0 allows for potentially unbounded recursion leading to server crash...
CVE-2025-0649
Removed by vendor...
CVE-2025-0649
CVE-2025-0649 affects Google’s TensorFlow Serving up to version 2.18.0, where an incorrect JSON input stringification can lead to potentially unbounded recursion and a server crash. Root cause: improper handling of JSON inputs in the serving component. Impact: high availability risk (server crash...
PT-2025-19869 · Unknown · Tensorflow
Name of the Vulnerable Software and Affected Versions: Tensorflow serving versions up to 2.18.0 Description: The issue is related to incorrect JSON input stringification in Tensorflow serving, which allows for potentially unbounded recursion. This can lead to a server crash. Recommendations: For...
TensorFlow Serving Security Vulnerability
TensorFlow Serving is a flexible, high-performance machine learning model serving system open-sourced by TensorFlow. A security vulnerability exists in TensorFlow Serving version 2.18.0 and earlier, which stems from improper stringification of JSON inputs and could lead to infinite recursion and server...
@ekyc_qoobiss/qbs-cid-cmp (>=1.0.5 <=1.5.9), @ekyc_qoobiss/qbs-ect-cmp (>=1.2.0 <=4.8.0) +56 more potentially affected by CVE-2025-27793 via vega-functions (>=5.10.0 <=5.16.0)
vega-functions NPM version =5.10.0, =1.0.5, =1.2.0, =0.0.2, =0.1.2, =0.5.0, =1.0.0, =1.0.7, =0.1.4, =0.6.2, =1.0.1, =2.8.0-canary.140, =2.27.0 and more Source cves: CVE-2025-27793 Source advisory: OSV:GHSA-963H-3V39-3PQF...