118 matches found
AZL-74153 CVE-2026-21441 affecting package tensorflow for versions less than 2.16.1-10
urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...
EUVD-2020-0188
Malware in sbrugna...
EUVD-2020-0185
Malware in sbrugna...
EUVD-2025-31129
Malicious code in bioql PyPI...
EUVD-2022-4120
Malicious code in bioql PyPI...
CVE-2025-55559
An issue was discovered in TensorFlow v2.18.0. A Denial of Service (DoS) occurs when padding is set to 'valid' in tf.keras.layers.Conv2D...
CVE-2022-41896
TensorFlow is an open source platform for machine learning. If ThreadUnsafeUnigramCandidateSampler is given input filterbank_channel_count greater than the allowed max size, TensorFlow will crash. We have patched the issue in GitHub commit 39ec7eaf1428e90c37787e5b3fbd68ebd3c48860. The fix will be...
CVE-2022-23570
Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This is guarded by a DCHECK. However, DCHECK is a no-op in production builds...
CVE-2021-29615
TensorFlow is an end-to-end open source platform for machine learning. The implementation of ParseAttrValue (https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/framework/attr_value_util.cc#L397-L453) can be tricked into stack overflow due to recursion...
CVE-2021-29574
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.raw_ops.MaxPool3DGradGrad exhibits undefined behavior by dereferencing null pointers backing attacker-supplied empty tensors. The...
CVE-2021-37653
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a floating point exception in tf.raw_ops.ResourceGather. The implementation computes the value of a value, batch_size, and then divides by it without checking that this...
CVE-2022-21726
Tensorflow is an Open Source Machine Learning Framework. The implementation of Dequantize does not fully validate the value of axis and can result in heap OOB accesses. The axis argument can be -1 (the default value for the optional argument) or any other positive value at most the number of...
CVE-2023-25669 affecting package tensorflow for versions less than 2.11.1-1
CVE-2023-25669 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is available...
PT-2025-39414
Name of the Vulnerable Software and Affected Versions: TensorFlow version 2.18.0. Description: TensorFlow version 2.18.0 exhibits a behavior where it outputs random results during the compilation of the Embedding component. This can lead to unpredictable application behavior. Recommendations: At the...
AZL-37886 CVE-2023-38545 affecting package tensorflow for versions less than 2.16.1-1
This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host na...
AZL-38114 CVE-2023-27537 affecting package tensorflow for versions less than 2.16.1-1
A double free vulnerability exists in libcurl 8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without consideration for doing this sharing across separate threads, but there was no indication of this fact in the documentation. Due to missing mutexes or thread...
AZL-38512 CVE-2023-27535 affecting package tensorflow for versions less than 2.16.1-1
An authentication bypass vulnerability exists in libcurl 8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain...
SUSE CVE-2023-25670
TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null pointer error in QuantizedMatMulWithBiasAndDequantize with MKL enabled. A fix is included in TensorFlow version 2.12.0 and version 2.11.1...
GHSA-FXGC-95XX-GRVQ TensorFlow Denial of Service vulnerability
Impact: A malicious invalid input crashes a tensorflow model (Check Failed) and can be used to trigger a denial of service attack. To minimize the bug, we built a simple single-layer TensorFlow model containing a Convolution3DTranspose layer, which works well with expected inputs and can be deployed...