GHSA-GFMX-QQQH-F38Q vulnerabilities

Vulnerabilities for packages: tensorflow-cpu-jupyter...

CVE-2026-0897 vulnerabilities

Vulnerabilities for packages: tensorflow-cpu-jupyter, kubeflow-pipelines-visualization-server...

Linux Distros Unpatched Vulnerability : CVE-2025-55559

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered TensorFlow v2.18.0. A Denial of Service DoS occurs when padding is set to 'valid' in tf.keras.layers.Conv2D. CVE-2025-55559 Note that...

GHSA-CPWX-VRP4-4PQ7 vulnerabilities

Vulnerabilities for packages: jupyter-base-notebook, tensorflow-cpu-jupyter, grafana-oncall, reflex, checkov...

CVE-2023-25668 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-25668 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is available...

CVE-2023-25664 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-25664 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is available...

CVE-2023-25670 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-25670 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is available...

AZL-54212 CVE-2024-11053 affecting package tensorflow for versions less than 2.16.1-7

When asked to both use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but...

CVE-2023-23914 affecting package tensorflow for versions less than 2.16.1-1

CVE-2023-23914 affecting package tensorflow for versions less than 2.16.1-1. An upgraded version of the package is available that resolves this issue...

CVE-2023-25658 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-25658 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is available...

AZL-38788 CVE-2022-43551 affecting package tensorflow for versions less than 2.16.1-1

A vulnerability exists in curl 7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypasse...

CVE-2022-41911 affecting package tensorflow for versions less than 2.11.0-1

CVE-2022-41911 affecting package tensorflow for versions less than 2.11.0-1. An upgraded version of the package is available that resolves this issue...

CVE-2022-41886 affecting package tensorflow for versions less than 2.11.0-1

CVE-2022-41886 affecting package tensorflow for versions less than 2.11.0-1. An upgraded version of the package is available that resolves this issue...

CVE-2022-41890 affecting package tensorflow for versions less than 2.11.0-1

CVE-2022-41890 affecting package tensorflow for versions less than 2.11.0-1. An upgraded version of the package is available that resolves this issue...

clip-jax (=0.0.5) potentially affected by CVE-2022-35952 via tensorflow-cpu (=2.9.0)

tensorflow-cpu PYPI version =2.9.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - clip-jax =0.0.5 Source cves: CVE-2022-35952 Source advisory: OSV:GHSA-H5VQ-GW2C-PQ47...

lsmmdma (>=0.0.4 <=0.1.7), tpu-tf2 (=1.0.0) potentially affected by unknown CVE via tensorflow-cpu (=2.7.0)

tensorflow-cpu PYPI version =2.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - lsmmdma =0.0.4, =0.1.7 - tpu-tf2 =1.0.0 Source cves: unknown CVE Source advisory: OSV:GHSA-MW6J-HH29-H379...

alwakeupword (=1.0.0), armadillin (>=0.0.2 <=0.53.0) +42 more potentially affected by CVE-2022-21737 via tensorflow (>=2.6.0 <=2.6.2)

tensorflow PYPI version =2.6.0, =0.0.2, =1.0.1, =0.0.9, =0.2.0, =4.4.0, =1.1.2, =0.2.0, =0.0.1, =1.0.0, =1.1.2 - imgtovar =0.8.5 and more Source cves: CVE-2022-21737 Source advisory: OSV:GHSA-F2VV-V9CG-QHH7...

alwakeupword (=1.0.0), armadillin (>=0.0.2 <=0.53.0) +35 more potentially affected by CVE-2021-41216 via tensorflow (>=2.6.0 <=2.6.0rc2)

tensorflow PYPI version =2.6.0, =0.0.2, =0.0.9, =0.2.0, =4.4.0, =1.1.2, =0.2.0, =0.0.1, =1.0.0, =0.1.5, =0.2.1 and more Source cves: CVE-2021-41216 Source advisory: OSV:GHSA-3FF2-R28G-W7H9...

accuinsight (>=1.0.47 <=1.0.61), alphad3m (>=0.10.0 <=0.10.0.dev1) +88 more potentially affected by CVE-2021-29615 via tensorflow (>=2.2.0 <=2.2.2)

tensorflow PYPI version =2.2.0, =1.0.47, =0.10.0, =0.5.0, =0.2.0, =0.0.6, =1.2.0, =1.0.0, =0.0.15, =0.0.16 and more Source cves: CVE-2021-29615 Source advisory: OSV:GHSA-QW5H-7F53-XRP6...

pycnet-audio (>=0.5.1 <=0.5.8) potentially affected by CVE-2020-26268 via tensorflow-cpu (=2.2.0)

tensorflow-cpu PYPI version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - pycnet-audio =0.5.1, =0.5.8 Source cves: CVE-2020-26268 Source advisory: OSV:GHSA-HHVC-G5HV-48C6...