14317 matches found
CVE-2022-23573
Tensorflow is an Open Source Machine Learning Framework. The implementation of AssignOp can result in copying uninitialized data to a new tensor. This later results in undefined behavior. The implementation has a check that the left hand side of the assignment is initialized to minimize number of...
CVE-2022-23566
Tensorflow is an Open Source Machine Learning Framework. TensorFlow is vulnerable to a heap OOB write in Grappler. The setoutput function writes to an array at the specified index. Hence, this gives a malicious user a write primitive. The fix will be included in TensorFlow 2.8.0. We will also...
CVE-2022-35939
TensorFlow is an open source platform for machine learning. The ScatterNd function takes an input argument that determines the indices of of the output tensor. An input index greater than the output tensor or less than zero will either write content at the wrong index or trigger a crash. We have...
CVE-2022-35937
TensorFlow is an open source platform for machine learning. The GatherNd function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read is triggered. This issue has been patched in...
CVE-2022-35938
TensorFlow is an open source platform for machine learning. The GatherNd function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. This issue has been...
AZL-74153 CVE-2026-21441 affecting package tensorflow for versions less than 2.16.1-10
urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...
CVE-2019-16778
In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32. In this case datasize and numsegments fields are truncated from int64 to int32 and can produce negative numbers, resulting in accessing out of bounds heap memory. Thi...
GHSA-36RR-WW3J-VRJV vulnerabilities
Vulnerabilities for packages: tensorflow-cpu-jupyter...
GHSA-C9RC-MG46-23W3 vulnerabilities
Vulnerabilities for packages: tensorflow-cpu-jupyter...
CVE-2025-9905 vulnerabilities
Vulnerabilities for packages: tensorflow-cpu-jupyter...
GHSA-C9RC-MG46-23W3 vulnerabilities
Vulnerabilities for packages: tensorflow-gpu-jupyter, tensorflow-cpu-jupyter...
CVE-2025-66034 vulnerabilities
Vulnerabilities for packages: mlflow, tensorflow-cpu-jupyter, tensorflow-gpu-jupyter, open-webui...
GHSA-768J-98CG-P3FV vulnerabilities
Vulnerabilities for packages: mlflow, tensorflow-cpu-jupyter, tensorflow-gpu-jupyter, open-webui...
CVE-2025-12058 vulnerabilities
Vulnerabilities for packages: tensorflow-gpu-jupyter, kubeflow-pipelines-visualization-server, tensorflow-cpu-jupyter...
GHSA-MQ84-HJQX-CWF2 vulnerabilities
Vulnerabilities for packages: tensorflow-gpu-jupyter, kubeflow-pipelines-visualization-server, tensorflow-cpu-jupyter...
GHSA-28JP-44VH-Q42H vulnerabilities
Vulnerabilities for packages: tensorflow-gpu-jupyter, kubeflow-pipelines-visualization-server, tensorflow-cpu-jupyter...
CVE-2025-12060 vulnerabilities
Vulnerabilities for packages: tensorflow-gpu-jupyter, kubeflow-pipelines-visualization-server, tensorflow-cpu-jupyter...
CVE-2025-12343
A flaw was found in FFmpeg’s TensorFlow backend within the libavfilter/dnnbackendtf.c source file. The issue occurs in the dnnexecutemodeltf function, where a task object is freed multiple times in certain error-handling paths. This redundant memory deallocation can lead to a double-free conditio...
Double Free
Overview Affected versions of this package are vulnerable to Double Free in the dnnexecutemodeltf function due to multiple deallocations of a task object in certain error-handling paths. An attacker can cause the application to crash by triggering specific error conditions while processing...
EUVD-2021-0310
Malware in sbrugna...