591 matches found
EUVD-2022-7375
Malicious code in bioql PyPI...
EUVD-2022-6766
Malicious code in bioql PyPI...
EUVD-2022-7399
Malicious code in bioql PyPI...
EUVD-2022-6816
Malicious code in bioql PyPI...
EUVD-2022-7289
Malicious code in bioql PyPI...
EUVD-2022-7320
Malicious code in bioql PyPI...
EUVD-2022-6925
Malicious code in bioql PyPI...
EUVD-2022-7310
Malicious code in bioql PyPI...
EUVD-2022-6871
Malicious code in bioql PyPI...
EUVD-2022-6717
Malicious code in bioql PyPI...
Relative Path Traversal
Overview: Affected versions of this package are vulnerable to Relative Path Traversal via insufficient validation in the getConfigFile function in the UIConfigRest class. An attacker can gain unauthorized access to files located in directories that share a common prefix with the intended folder by...
Use of Externally-Controlled Format String
Overview: Affected versions of this package are vulnerable to Use of Externally-Controlled Format String via the InterpretImageFilename function, where user input is directly passed to FormatLocaleString without proper sanitization. An attacker can execute arbitrary code or cause a heap-based buff...
Security Bulletin: NVIDIA Isaac-GR00T - August 2025
NVIDIA has released a software update for NVIDIA Isaac-GR00T. To protect your system, install the software including the GitHub commit 9ca97e1 of NVIDIA Isaac-GR00T. Go to NVIDIA Product Security...
Security Bulletin: NVIDIA WebDataset - August 2025
NVIDIA has released a software update for NVIDIA WebDataset. To protect your system, install the software including the GitHub commit 9e95f50 of NVIDIA WebDataset. Go to NVIDIA Product Security...
Information Exposure
Overview: lollms is a Python library for AI personality definition. Affected versions of this package are vulnerable to Information Exposure via the authenticateuser function in the /server/endpoints/lollmsauthentication.py file. An attacker can enumerate valid usernames and incrementally guess...
CVE-2022-41885
TensorFlow is an open source platform for machine learning. When tf.raw_ops.FusedResizeAndPadConv2D is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. The fix will be included in TensorFlow 2.11. We will also cherrypick...
CVE-2022-36004
TensorFlow is an open source platform for machine learning. When tf.random.gamma receives large input shape and rates, it gives a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 552bfced6ce4809db5f3ca305f60ff80dd40c5a3. The fix will be included i...
CVE-2022-36005
TensorFlow is an open source platform for machine learning. When tf.quantization.fake_quant_with_min_max_vars_gradient receives input min or max that is nonscalar, it gives a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit...
CVE-2021-37690
TensorFlow is an end-to-end open source platform for machine learning. In affected versions when running shape functions, some functions such as MutableHashTableShape produce extra output information in the form of a ShapeAndType struct. The shapes embedded in this struct are owned by an inferenc...
CVE-2021-37636
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.raw_ops.SparseDenseCwiseDiv is vulnerable to a division by 0 error. The implementation uses a common class for all binary operations but fails to treat the division by 0 case...