GHSA-36RR-WW3J-VRJV vulnerabilities

Vulnerabilities for packages: tensorflow-cpu-jupyter, tensorflow-gpu-jupyter...

Linux Distros Unpatched Vulnerability : CVE-2025-0649

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect JSON input stringification in Google's Tensorflow serving versions up to 2.18.0 allows for potentially unbounded recursion leading to server crash...

Linux Distros Unpatched Vulnerability : CVE-2024-3660

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A arbitrary code injection vulnerability in TensorFlow's Keras framework 2.13 allows attackers to execute arbitrary code with the same permissions as the...

Exploit for CVE-2024-3660

CVE-2024-3660 – TensorFlow Keras Arbitrary Code Execution via...

GHSA-PWQ7-2GVJ-VG9V vulnerabilities

Vulnerabilities for packages: tensorflow-cpu-jupyter, tensorflow-gpu-jupyter...

CVE-2025-8747 vulnerabilities

Vulnerabilities for packages: tensorflow-cpu-jupyter, tensorflow-gpu-jupyter...

GHSA-PWQ7-2GVJ-VG9V vulnerabilities

Vulnerabilities for packages: tensorflow-cpu-jupyter...

CVE-2025-8747 vulnerabilities

Vulnerabilities for packages: tensorflow-cpu-jupyter...

SUSE CVE-2025-5197

A Regular Expression Denial of Service ReDoS vulnerability exists in the Hugging Face Transformers library, specifically in the converttfweightnametoptweightname function. This function, responsible for converting TensorFlow weight names to PyTorch format, uses a regex pattern /^/^// that can be...

Hugging Face Transformers Regular Expression Denial of Service (ReDoS) vulnerability

A Regular Expression Denial of Service ReDoS vulnerability exists in the Hugging Face Transformers library, specifically in the converttfweightnametoptweightname function. This function, responsible for converting TensorFlow weight names to PyTorch format, uses a regex pattern /^/^// that can be...

GHSA-9356-575X-2W9M Hugging Face Transformers Regular Expression Denial of Service (ReDoS) vulnerability

A Regular Expression Denial of Service ReDoS vulnerability exists in the Hugging Face Transformers library, specifically in the converttfweightnametoptweightname function. This function, responsible for converting TensorFlow weight names to PyTorch format, uses a regex pattern /^/^// that can be...

CVE-2025-5197

A Regular Expression Denial of Service ReDoS vulnerability exists in the Hugging Face Transformers library, specifically in the converttfweightnametoptweightname function. This function, responsible for converting TensorFlow weight names to PyTorch format, uses a regex pattern /^/^// that can be...

CVE-2025-5197 Regular Expression Denial of Service (ReDoS) in huggingface/transformers

A Regular Expression Denial of Service ReDoS vulnerability exists in the Hugging Face Transformers library, specifically in the converttfweightnametoptweightname function. This function, responsible for converting TensorFlow weight names to PyTorch format, uses a regex pattern /^/^// that can be...

CVE-2025-5197

The CVE-2025-5197 ReDoS vulnerability affects Hugging Face Transformers in the convert_tf_weight_name_to_pt_weight_name() function, where the regex /[^/]___([^/] )/ can cause excessive CPU usage via catastrophic backtracking. Affected versions: up to 4.51.3, with a fix in 4.53.0. Practical impact...

PT-2025-32158 · Hugging Face · Huggingface/Transformers

Name of the Vulnerable Software and Affected Versions: Hugging Face Transformers versions up to 4.51.3 Description: A Regular Expression Denial of Service ReDoS vulnerability exists in the convert tf weight name to pt weight name function of the Hugging Face Transformers library. This function,...

CompLeak: Deep Learning Model Compression Exacerbates Privacy Leakage

Model compression is crucial for minimizing memory storage and accelerating inference in deep learning DL models, including recent foundation models like large language models LLMs. Users can access different compressed model versions according to their resources and budget. However, while existi...

Keras 2.15 - Remote Code Execution (RCE)

!/usr/bin/env python3 Exploit Title: Keras 2.15 - Remote Code Execution RCE Author: Mohammed Idrees Banyamer Instagram: @banyamersecurity GitHub: https://github.com/mbanyamer Date: 2025-07-09 Tested on: Ubuntu 22.04 LTS, Python 3.10, TensorFlow/Keras = 2.15 CVE: CVE-2025-1550 Type: Remote Code...

GHSA-33P9-3P43-82VQ vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines-visualization-server, tensorflow-gpu-jupyter...

CVE-2025-30167 vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines-visualization-server, tensorflow-gpu-jupyter...

CVE-2024-3660

A arbitrary code injection vulnerability in TensorFlow's Keras framework 2.13 allows attackers to execute arbitrary code with the same permissions as the application using a model that allow arbitrary code irrespective of the application...