SUSE CVE-2025-55559

An issue was discovered TensorFlow v2.18.0. A Denial of Service DoS occurs when padding is set to 'valid' in tf.keras.layers.Conv2D...

125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4981 more potentially affected by CVE-2025-55559 via tensorflow (>=1.0.1 <=2.9.3)

tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.5.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: CVE-2025-55559 Source advisory: SNYK:PYTHON-TENSORFLOW-13052810...

CVE-2025-55556

TensorFlow v2.18.0 was discovered to output random results when compiling Embedding, leading to unexpected behavior in the application...

a2grunnerp (>=0.1.0 <=0.1.8), abba-python (>=0.1.6 <=0.3.0) +1446 more potentially affected by CVE-2025-55556 via tensorflow (>=1.0.1 <=2.20.0rc0)

tensorflow PYPI version =1.0.1, =0.1.0, =0.1.6, =0.0.6, =0.1.0, =0.0.1, =1.1.2, =0.1.0, =0.1.0, =0.0.1, =2.0.0, =0.3.26, =0.2.1, =0.9.0 and more Source cves: CVE-2025-55556 Source advisory: SNYK:PYTHON-TENSORFLOW-13052809...

GHSA-PWQ7-2GVJ-VG9V vulnerabilities

Vulnerabilities for packages: tensorflow-cpu-jupyter, tensorflow-gpu-jupyter...

Hugging Face Transformers Regular Expression Denial of Service (ReDoS) vulnerability

A Regular Expression Denial of Service ReDoS vulnerability exists in the Hugging Face Transformers library, specifically in the converttfweightnametoptweightname function. This function, responsible for converting TensorFlow weight names to PyTorch format, uses a regex pattern /^/^// that can be...

GHSA-9356-575X-2W9M Hugging Face Transformers Regular Expression Denial of Service (ReDoS) vulnerability

A Regular Expression Denial of Service ReDoS vulnerability exists in the Hugging Face Transformers library, specifically in the converttfweightnametoptweightname function. This function, responsible for converting TensorFlow weight names to PyTorch format, uses a regex pattern /^/^// that can be...

CVE-2025-5197

The CVE-2025-5197 ReDoS vulnerability affects Hugging Face Transformers in the convert_tf_weight_name_to_pt_weight_name() function, where the regex /[^/]___([^/] )/ can cause excessive CPU usage via catastrophic backtracking. Affected versions: up to 4.51.3, with a fix in 4.53.0. Practical impact...

CVE-2023-25675

TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, tf.rawops.Bincount segfaults when given a parameter weights that is neither the same shape as parameter arr nor a length-0 tensor. A fix is included in TensorFlow 2.12.0 and 2.11.1...

CVE-2023-27579

TensorFlow is an end-to-end open source platform for machine learning. Constructing a tflite model with a paramater filterinputchannel of less than 1 gives a FPE. This issue has been patched in version 2.12. TensorFlow will also cherrypick the fix commit on TensorFlow 2.11.1...

CVE-2023-33976

TensorFlow is an end-to-end open source platform for machine learning. arrayops.upperbound causes a segfault when not given a rank 2 tensor. The fix will be included in TensorFlow 2.13 and will also cherrypick this commit on TensorFlow 2.12...

CVE-2023-25665

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when SparseSparseMaximum is given invalid sparse tensors as inputs, it can give a null pointer error. A fix is included in TensorFlow version 2.12 and version 2.11.1...

CVE-2023-25674

TensorFlow is an open source machine learning platform. Versions prior to 2.12.0 and 2.11.1 have a null pointer error in RandomShuffle with XLA enabled. A fix is included in TensorFlow 2.12.0 and 2.11.1...

CVE-2023-25666

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a floating point exception in AudioSpectrogram. A fix is included in TensorFlow version 2.12.0 and version 2.11.1...

CVE-2022-21732

Tensorflow is an Open Source Machine Learning Framework. The implementation of ThreadPoolHandle can be used to trigger a denial of service attack by allocating too much memory. This is because the numthreads argument is only checked to not be negative, but there is no upper bound on its value. Th...

CVE-2022-21731

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for ConcatV2 can be used to trigger a denial of service attack via a segfault caused by a type confusion. The axis argument is translated into concatdim in the ConcatShapeHelper helper function. Then, a...

CVE-2022-29200

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.LSTMBlockCell does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack. The cod...

CVE-2022-29201

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.QuantizedConv2D does not fully validate the input arguments. In this case, references get bound to nullptr for each argument that is empty. Versions 2.9.0,...

CVE-2022-29199

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.LoadAndRemapMatrix does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack. Th...

CVE-2022-29205

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, there is a potential for segfault / denial of service in TensorFlow by calling tf.compat.v1. ops which don't yet have support for quantized types, which was added after migration to...