EUVD-2026-29553

The Adversarial Robustness Toolbox ART thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component robustnessevaluationfgsmpytorch.py. The script uses the unsafe eval function to parse string values provided via the --clipvalues and --inputshape command-line...

CVE-2026-31230

The Adversarial Robustness Toolbox ART thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component robustnessevaluationfgsmpytorch.py. The script uses the unsafe eval function to parse string values provided via the --clipvalues and --inputshape command-line...

CVE-2026-31230

The Adversarial Robustness Toolbox ART thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component robustnessevaluationfgsmpytorch.py. The script uses the unsafe eval function to parse string values provided via the --clipvalues and --inputshape command-line...

CVE-2026-31230

The CVE-2026-31230 vulnerability concerns the Adversarial Robustness Toolbox (ART) up to v1.20.1, specifically in its Kubeflow component (robustness_evaluation_fgsm_pytorch.py). The issue arises from using unsafe eval() to parse string values passed via --clip_values and --input_shape, enabling a...

CVE-2026-31230

The Adversarial Robustness Toolbox ART thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component robustnessevaluationfgsmpytorch.py. The script uses the unsafe eval function to parse string values provided via the --clipvalues and --inputshape command-line...

CVE-2021-33654

When performing the initialization operation of the Split operator, if a dimension in the input shape is 0, it will cause a division by 0 exception...

CVE-2025-62372 vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs

vLLM is an inference and serving engine for large language models LLMs. From version 0.5.5 to before 0.11.1, users can crash the vLLM engine serving multimodal models by passing multimodal embedding inputs with correct ndim but incorrect shape e.g. hidden dimension is wrong, regardless of whether...

CVE-2025-62372 vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs

vLLM is an inference and serving engine for large language models LLMs. From version 0.5.5 to before 0.11.1, users can crash the vLLM engine serving multimodal models by passing multimodal embedding inputs with correct ndim but incorrect shape e.g. hidden dimension is wrong, regardless of whether...

PT-2025-47649

Name of the Vulnerable Software and Affected Versions vLLM versions 0.5.5 through 0.11.0 Description vLLM is an inference and serving engine for large language models LLMs. Users can cause the vLLM engine to crash when serving multimodal models by providing multimodal embedding inputs with a...

EUVD-2021-20331

Malware in sbrugna...

EUVD-2021-20326

Malware in sbrugna...

CVE-2022-36004

TensorFlow is an open source platform for machine learning. When tf.random.gamma receives large input shape and rates, it gives a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 552bfced6ce4809db5f3ca305f60ff80dd40c5a3. The fix will be included i...

SUSE CVE-2022-35963

TensorFlow is an open source platform for machine learning. The implementation of FractionalAvgPoolGrad does not fully validate the input originputtensorshape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack. We have patched the...

SUSE CVE-2022-35959

TensorFlow is an open source platform for machine learning. The implementation of AvgPool3DGradOp does not fully validate the input originputshape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack. We have patched the issue in...

SUSE CVE-2022-35968

TensorFlow is an open source platform for machine learning. The implementation of AvgPoolGrad does not fully validate the input originputshape. This results in a CHECK failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

CVE-2022-41901

CVE-2022-41901 affects TensorFlow. The issue is a CHECK fail in tf.raw_ops.SparseMatrixNNZ triggered when input tensor is not a rank-0 matrix, which can cause a crash (denial of service). Fixed in GitHub commit f856d02e5322821aad155dad9b3acab1e9f5d693; the fix will be included in TensorFlow 2.11 ...

GHSA-2475-53VW-VP25 TensorFlow vulnerable to `CHECK` fail in `AvgPoolGrad`

Impact The implementation of AvgPoolGrad does not fully validate the input originputshape. This results in a CHECK failure which can be used to trigger a denial of service attack: python import tensorflow as tf ksize = 1, 2, 2, 1 strides = 1, 2, 2, 1 padding = "VALID" dataformat = "NHWC"...

GHSA-84JM-4CF3-9JFM TensorFlow vulnerable to `CHECK` failures in `FractionalAvgPoolGrad`

Impact The implementation of FractionalAvgPoolGrad does not fully validate the input originputtensorshape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack. python import tensorflow as tf overlapping = True originputtensorshape =...

GHSA-WXJJ-CGCX-R3VQ TensorFlow vulnerable to `CHECK` failures in `AvgPool3DGrad`

Impact The implementation of AvgPool3DGradOp does not fully validate the input originputshape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack: python import tensorflow as tf ksize = 1, 1, 1, 1, 1 strides = 1, 1, 1, 1, 1 padding ...

CVE-2022-35968 `CHECK` fail in `AvgPoolGrad` in TensorFlow

TensorFlow is an open source platform for machine learning. The implementation of AvgPoolGrad does not fully validate the input originputshape. This results in a CHECK failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...