Lucene search
K

1782 matches found

OSV
OSV
added last week4 views

PYSEC-2026-1952 TensorFlow Denial of Service vulnerability

Impact A malicious invalid input crashes a tensorflow model Check Failed and can be used to trigger a denial of service attack. To minimize the bug, we built a simple single-layer TensorFlow model containing a Convolution3DTranspose layer, which works well with expected inputs and can be deployed...

6.5CVSS6.7AI score0.00432EPSS
Exploits1References7
OSV
OSV
added 2026/07/07 10:17 a.m.3 views

PYSEC-2026-977 TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVars`

Impact If FakeQuantWithMinMaxVars is given min or max tensors of a nonzero rank, it results in a CHECK fail that can be used to trigger a denial of service attack. python import tensorflow as tf numbits = 8 narrowrange = False inputs = tf.constant0, shape=2,3, dtype=tf.float32 min = tf.constant0,...

5.9CVSS6.9AI score0.00383EPSS
Exploits0References7
OSV
OSV
added 2026/07/07 10:17 a.m.3 views

PYSEC-2026-947 TensorFlow vulnerable to segfault in `SparseBincount`

Impact If SparseBincount is given inputs for indices, values, and denseshape that do not make a valid sparse tensor, it results in a segfault that can be used to trigger a denial of service attack. python import tensorflow as tf binaryoutput = True indices = tf.random.uniformshape=, minval=-10000...

5.9CVSS6.9AI score0.00423EPSS
Exploits0References7
OSV
OSV
added 2026/07/07 10:17 a.m.6 views

PYSEC-2026-979 TensorFlow vulnerable to `CHECK` fail in `TensorListFromTensor`

Impact When TensorListFromTensor receives an elementshape of a rank greater than one, it gives a CHECK fail that can trigger a denial of service attack. python import tensorflow as tf arg0=tf.random.uniformshape=6, 6, 2, dtype=tf.bfloat16, maxval=None arg1=tf.random.uniformshape=6, 9, 1, 3,...

5.9CVSS5.9AI score0.00396EPSS
Exploits0References7
OSV
OSV
added 2026/07/07 10:17 a.m.4 views

PYSEC-2026-1006 TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVarsPerChannelGradient`

Impact When tf.quantization.fakequantwithminmaxvarsperchannelgradient receives input min or max of rank other than 1, it gives a CHECK fail that can trigger a denial of service attack. python import tensorflow as tf arg0=tf.random.uniformshape=1,1, dtype=tf.float32, maxval=None...

5.9CVSS5.9AI score0.00383EPSS
Exploits0References7
OSV
OSV
added 2026/07/07 10:17 a.m.2 views

PYSEC-2026-1014 TensorFlow vulnerable to `CHECK` fail in `DrawBoundingBoxes`

Impact When DrawBoundingBoxes receives an input boxes that is not of dtype float, it gives a CHECK fail that can trigger a denial of service attack. python import tensorflow as tf import numpy as np arg0=tf.constantvalue=np.random.randomsize=1, 3, 2, 3, shape=1, 3, 2, 3, dtype=tf.half...

5.9CVSS5.9AI score0.00396EPSS
Exploits0References7
OSV
OSV
added 2026/07/06 8:3 a.m.3 views

PYSEC-2026-1012 Integer overflow in `SpaceToBatchND`

Impact The implementation of tf.rawops.SpaceToBatchND in all backends such as XLA and handwritten kernels is vulnerable to an integer overflow: python import tensorflow as tf input = tf.constant-3.5e+35, shape=10,19,22, dtype=tf.float32 blockshape = tf.constant-1879048192, shape=2, dtype=tf.int64...

5.5CVSS5.9AI score0.00332EPSS
Exploits1References11
OSV
OSV
added 2026/03/06 10:16 p.m.16 views

AZL-79649 CVE-2026-27142 affecting package tensorflow 2.16.1-11

Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actio...

6.1CVSS7.2AI score0.00328EPSS
Exploits0References1
OSV
OSV
added 2026/03/05 2:16 a.m.12 views

AZL-79455 CVE-2026-3381 affecting package tensorflow 2.11.1-2

Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib. Compress::Raw::Zlib includes a copy of the zlib library. Compress::Raw::Zlib version 2.220 includes zlib 1.3.2, which addresses findings fron the 7ASecurity audit of zlib. The includes fixs for...

9.8CVSS5.8AI score0.00548EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2026/02/20 10:22 p.m.8 views

125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4412 more potentially affected by CVE-2026-2492 via tensorflow (>=2.0.0 <=2.21.0)

tensorflow PYPI version =2.0.0, =0.10.11, =0.1.0, =0.0.0, =0.6.0, =1.0.0, =0.0.1, =0.2.0, =0.6.0, =0.1.0, =0.1.0, =0.2.0 - academic-emotion =0.1.2 and more Source cves: CVE-2026-2492 Source advisory: SNYK:PYTHON-TENSORFLOW-15325644...

7.8CVSS7.1AI score0.00252EPSS
Exploits0
Snyk
Snyk
added 2026/02/20 10:22 p.m.7 views

Uncontrolled Search Path Element

Overview tensorflow is a machine learning framework. Affected versions of this package are vulnerable to Uncontrolled Search Path Element via the loading of HDF5 plugins in the Keras engine. An attacker can execute arbitrary code by placing a malicious plugin in the default search path. Remediati...

8.5CVSS6.1AI score0.00252EPSS
Exploits0References2
CBLMariner
CBLMariner
added 2026/01/20 9:31 p.m.14 views

CVE-2026-21441 affecting package tensorflow for versions less than 2.16.1-10

CVE-2026-21441 affecting package tensorflow for versions less than 2.16.1-10. A patched version of the package is available...

8.9CVSS5.5AI score0.02667EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 9:21 a.m.13 views

CVE-2021-41218

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for AllToAll can be made to execute a division by 0. This occurs whenever the splitcount argument is 0. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on...

5.5CVSS7AI score0.00128EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:21 a.m.16 views

CVE-2021-41195

TensorFlow is an open source platform for machine learning. In affected versions the implementation of tf.math.segment operations results in a CHECK-fail related abort and denial of service if a segment id in segmentids is large. This is similar to CVE-2021-29584 and similar other reported...

5.5CVSS6.6AI score0.00205EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:15 a.m.9 views

CVE-2022-23565

Tensorflow is an Open Source Machine Learning Framework. An attacker can trigger denial of service via assertion failure by altering a SavedModel on disk such that AttrDefs of some operation are duplicated. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on...

6.5CVSS6.7AI score0.00469EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:15 a.m.9 views

CVE-2022-23576

Tensorflow is an Open Source Machine Learning Framework. The implementation of OpLevelCostEstimator::CalculateOutputSize is vulnerable to an integer overflow if an attacker can create an operation which would involve tensors with large enough number of elements. We can have a large enough number ...

6.5CVSS6.9AI score0.00783EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:15 a.m.11 views

CVE-2022-23590

Tensorflow is an Open Source Machine Learning Framework. A GraphDef from a TensorFlow SavedModel can be maliciously altered to cause a TensorFlow process to crash due to encountering a StatusOr value that is an error and forcibly extracting the value from it. We have patched the issue in multiple...

7.5CVSS6.6AI score0.00973EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:14 a.m.11 views

CVE-2022-23577

Tensorflow is an Open Source Machine Learning Framework. The implementation of GetInitOp is vulnerable to a crash caused by dereferencing a null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, ...

6.5CVSS6.6AI score0.00783EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:14 a.m.11 views

CVE-2022-23568

Tensorflow is an Open Source Machine Learning Framework. The implementation of AddManySparseToTensorsMap is vulnerable to an integer overflow which results in a CHECK-fail when building new TensorShape objects so, an assert failure based denial of service. We are missing some validation on the...

6.5CVSS6.9AI score0.008EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:14 a.m.13 views

CVE-2022-23593

Tensorflow is an Open Source Machine Learning Framework. The simplifyBroadcast function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault hence, denial of service, if called with scalar shapes. If all shapes are scalar, then maxRank is 0, so we build an empty SmallVector...

7.5CVSS6.5AI score0.0087EPSS
Exploits1References1
Rows per page
Query Builder