Every CVE whose affected-product data names Google Tensorflow, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (200)
CVE-2018-7575 — CVSS 9.8 (critical): Google TensorFlow 1.7.x and earlier is affected by a Buffer Overflow vulnerability. The type of exploitation is context-dependent.
CVE-2023-25668 — CVSS 9.8 (critical): TensorFlow is an open source platform for machine learning. Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory…
CVE-2021-37678 — CVSS 9.3 (critical): TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Keras can be tricked to perform…
CVE-2021-35958 — CVSS 9.1 (critical): TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with…
CVE-2020-15205 — CVSS 9.0 (critical): In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of `tf.raw_ops.StringNGrams` lacks…
CVE-2020-15206 — CVSS 9.0 (critical): In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's `SavedModel` protocol buffer and altering…
CVE-2020-15202 — CVSS 9.0 (critical): In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the last argument to be a…
CVE-2022-23594 — CVSS 8.8 (high): Tensorflow is an Open Source Machine Learning Framework. The TFG dialect of TensorFlow (MLIR) makes several assumptions about the incoming…
CVE-2021-41208 — CVSS 8.8 (high): TensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlow is still missing…
CVE-2022-23559 — CVSS 8.8 (high): Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in…
CVE-2022-23574 — CVSS 8.8 (high): Tensorflow is an Open Source Machine Learning Framework. There is a typo in TensorFlow's `SpecializeType` which results in heap OOB…
CVE-2018-8825 — CVSS 8.8 (high): Google TensorFlow 1.7 and below is affected by: Buffer Overflow. The impact is: execute arbitrary code (local).
CVE-2022-23560 — CVSS 8.8 (high): Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would allow limited reads and writes…
CVE-2022-23561 — CVSS 8.8 (high): Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause a write outside of bounds of…
CVE-2022-23566 — CVSS 8.8 (high): Tensorflow is an Open Source Machine Learning Framework. TensorFlow is vulnerable to a heap OOB write in `Grappler`. The `set_output`…
CVE-2022-23587 — CVSS 8.8 (high): Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow is vulnerable to an…
CVE-2020-15207 — CVSS 8.7 (high): In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite uses…
CVE-2020-15195 — CVSS 8.5 (high): In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` uses a double indexing…
CVE-2020-15196 — CVSS 8.5 (high): In Tensorflow version 2.3.0, the `SparseCountSparseOutput` and `RaggedCountSparseOutput` implementations don't validate that the `weights`…
CVE-2021-37639 — CVSS 8.4 (high): TensorFlow is an end-to-end open source platform for machine learning. When restoring tensors via raw APIs, if the tensor name is not…
CVE-2020-15214 — CVSS 8.1 (high): In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a write out bounds / segmentation fault if the…
CVE-2022-21728 — CVSS 8.1 (high): Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `ReverseSequence` does not fully…
CVE-2022-21730 — CVSS 8.1 (high): Tensorflow is an Open Source Machine Learning Framework. The implementation of `FractionalAvgPoolGrad` does not consider cases where the…
CVE-2018-10055 — CVSS 8.1 (high): Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a crash or…
CVE-2022-23592 — CVSS 8.1 (high): Tensorflow is an Open Source Machine Learning Framework. TensorFlow's type inference can cause a heap out of bounds read as the bounds…
CVE-2020-15212 — CVSS 8.1 (high): In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers…
CVE-2018-7577 — CVSS 8.1 (high): Memcpy parameter overlap in Google Snappy library 1.1.4, as used in Google TensorFlow before 1.7.1, could result in a crash or read from…
CVE-2022-21726 — CVSS 8.1 (high): Tensorflow is an Open Source Machine Learning Framework. The implementation of `Dequantize` does not fully validate the value of `axis` and…
CVE-2023-25801 — CVSS 8.0 (high): TensorFlow is an open source machine learning platform. Prior to versions 2.12.0 and 2.11.1, `nn_ops.fractional_avg_pool_v2` and…
CVE-2021-41214 — CVSS 7.8 (high): TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `tf.ragged.cross` has an…
CVE-2021-37650 — CVSS 7.8 (high): TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.ExperimentalD…
CVE-2021-41219 — CVSS 7.8 (high): TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vulnerable to…
CVE-2021-41220 — CVSS 7.8 (high): TensorFlow is an open source platform for machine learning. In affected versions the async implementation of `CollectiveReduceV2` suffers…
CVE-2021-41221 — CVSS 7.8 (high): TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for the `Cudnn*` operations in…
CVE-2021-37663 — CVSS 7.8 (high): TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in…
CVE-2021-37665 — CVSS 7.8 (high): TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL…
CVE-2021-37652 — CVSS 7.8 (high): TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.BoostedTreesC…
CVE-2021-37666 — CVSS 7.8 (high): TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via…
CVE-2021-37667 — CVSS 7.8 (high): TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via…
CVE-2021-37648 — CVSS 7.8 (high): TensorFlow is an end-to-end open source platform for machine learning. In affected versions the code for `tf.raw_ops.SaveV2` does not…
CVE-2021-37671 — CVSS 7.8 (high): TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via…
CVE-2021-37676 — CVSS 7.8 (high): TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via…
CVE-2021-37681 — CVSS 7.8 (high): TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of SVDF in TFLite is…
CVE-2021-37688 — CVSS 7.8 (high): TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would…
CVE-2021-37689 — CVSS 7.8 (high): TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would…
CVE-2021-41201 — CVSS 7.8 (high): TensorFlow is an open source platform for machine learning. In affeced versions during execution, `EinsumHelper::ParseEquation()` is…
CVE-2021-41203 — CVSS 7.8 (high): TensorFlow is an open source platform for machine learning. In affected versions an attacker can trigger undefined behavior, integer…
CVE-2022-29216 — CVSS 7.8 (high): TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow's…
CVE-2021-37647 — CVSS 7.7 (high): TensorFlow is an end-to-end open source platform for machine learning. When a user does not supply arguments that determine a valid sparse…
CVE-2021-37637 — CVSS 7.7 (high): TensorFlow is an end-to-end open source platform for machine learning. It is possible to trigger a null pointer dereference in TensorFlow…
CVE-2021-37649 — CVSS 7.7 (high): TensorFlow is an end-to-end open source platform for machine learning. The code for `tf.raw_ops.UncompressElement` can be made to trigger a…
CVE-2021-37643 — CVSS 7.7 (high): TensorFlow is an end-to-end open source platform for machine learning. If a user does not provide a valid padding value to…
CVE-2021-37638 — CVSS 7.7 (high): TensorFlow is an end-to-end open source platform for machine learning. Sending invalid argument for `row_partition_types` of…
CVE-2022-23562 — CVSS 7.6 (high): Tensorflow is an Open Source Machine Learning Framework. The implementation of `Range` suffers from integer overflows. These can trigger…
CVE-2022-23558 — CVSS 7.6 (high): Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in…
CVE-2022-23573 — CVSS 7.6 (high): Tensorflow is an Open Source Machine Learning Framework. The implementation of `AssignOp` can result in copying uninitialized data to a new…
CVE-2022-23584 — CVSS 7.6 (high): Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images…
CVE-2022-21740 — CVSS 7.6 (high): Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseCountSparseOutput` is vulnerable to a heap overflow…
CVE-2022-21736 — CVSS 7.6 (high): Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseTensorSliceDataset` has an undefined behavior: under…
CVE-2022-21727 — CVSS 7.6 (high): Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulnerable to an integer…
CVE-2023-25666 — CVSS 7.5 (high): TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a floating point exception in…
CVE-2025-55559 — CVSS 7.5 (high): An issue was discovered TensorFlow v2.18.0. A Denial of Service (DoS) occurs when padding is set to 'valid' in tf.keras.layers.Conv2D.
CVE-2023-33976 — CVSS 7.5 (high): TensorFlow is an end-to-end open source platform for machine learning. `array_ops.upper_bound` causes a segfault when not given a rank 2…
CVE-2023-27579 — CVSS 7.5 (high): TensorFlow is an end-to-end open source platform for machine learning. Constructing a tflite model with a paramater `filter_input_channel`…
CVE-2023-25676 — CVSS 7.5 (high): TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.ParallelConca…
CVE-2023-25675 — CVSS 7.5 (high): TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.Bincount`…
CVE-2020-15203 — CVSS 7.5 (high): In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a…
CVE-2023-25674 — CVSS 7.5 (high): TensorFlow is an open source machine learning platform. Versions prior to 2.12.0 and 2.11.1 have a null pointer error in RandomShuffle with…
CVE-2023-25673 — CVSS 7.5 (high): TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a Floating Point Exception in…
CVE-2023-25672 — CVSS 7.5 (high): TensorFlow is an open source platform for machine learning. The function `tf.raw_ops.LookupTableImportV2` cannot handle scalars in the…
CVE-2023-25671 — CVSS 7.5 (high): TensorFlow is an open source platform for machine learning. There is out-of-bounds access due to mismatched integer type sizes. A fix is…
CVE-2023-25670 — CVSS 7.5 (high): TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null point error in…
CVE-2023-25669 — CVSS 7.5 (high): TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the stride and window size are not…
CVE-2020-26269 — CVSS 7.5 (high): In TensorFlow release candidate versions 2.4.0rc*, the general implementation for matching filesystem paths to globbing pattern is…
CVE-2023-25665 — CVSS 7.5 (high): TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `SparseSparseMaximum` is given…
CVE-2023-25664 — CVSS 7.5 (high): TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a heap buffer overflow in…
CVE-2023-25663 — CVSS 7.5 (high): TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `ctx->step_containter()` is a null…
CVE-2023-25662 — CVSS 7.5 (high): TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 are vulnerable to integer overflow in…
CVE-2023-25660 — CVSS 7.5 (high): TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when the parameter `summarize` of…
CVE-2023-25659 — CVSS 7.5 (high): TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the parameter `indices` for…
CVE-2023-25658 — CVSS 7.5 (high): TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, an out of bounds read is in…
CVE-2022-23591 — CVSS 7.5 (high): Tensorflow is an Open Source Machine Learning Framework. The `GraphDef` format in TensorFlow does not allow self recursive functions. The…
CVE-2021-41228 — CVSS 7.5 (high): TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's `saved_model_cli` tool is vulnerable to a…
CVE-2020-15208 — CVSS 7.4 (high): In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite…
CVE-2021-29591 — CVSS 7.3 (high): TensorFlow is an end-to-end open source platform for machine learning. TFlite graphs must not have loops between nodes. However, this…
CVE-2021-37654 — CVSS 7.3 (high): TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a…
CVE-2021-37655 — CVSS 7.3 (high): TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of…
CVE-2021-37641 — CVSS 7.3 (high): TensorFlow is an end-to-end open source platform for machine learning. In affected versions if the arguments to `tf.raw_ops.RaggedGather`…
CVE-2021-37635 — CVSS 7.3 (high): TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of sparse reduction…
CVE-2021-37664 — CVSS 7.3 (high): TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of…
CVE-2021-37659 — CVSS 7.3 (high): TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via…
CVE-2022-41894 — CVSS 7.1 (high): TensorFlow is an open source platform for machine learning. The reference kernel of the `CONV_3D_TRANSPOSE` TensorFlow Lite operator…
CVE-2022-23563 — CVSS 7.1 (high): Tensorflow is an Open Source Machine Learning Framework. In multiple places, TensorFlow uses `tempfile.mktemp` to create temporary files…
CVE-2021-41226 — CVSS 7.1 (high): TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SparseBinCount` is vulnerable to a…
CVE-2021-41224 — CVSS 7.1 (high): TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SparseFillEmptyRows` can be made to…
CVE-2021-41223 — CVSS 7.1 (high): TensorFlow is an open source platform for machine learning. In affected versions the implementation of `FusedBatchNorm` kernels is…
CVE-2022-29208 — CVSS 7.1 (high): TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of…
CVE-2021-41212 — CVSS 7.1 (high): TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `tf.ragged.cross` can trigger…
CVE-2021-41211 — CVSS 7.1 (high): TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `QuantizeV2` can trigger a…
CVE-2021-41210 — CVSS 7.1 (high): TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for `SparseCountSparseOutput`…
CVE-2021-41205 — CVSS 7.1 (high): TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for the…
CVE-2021-37679 — CVSS 7.1 (high): TensorFlow is an end-to-end open source platform for machine learning. In affected versions it is possible to nest a `tf.map_fn` within…
CVE-2022-41900 — CVSS 7.1 (high): TensorFlow is an open source platform for machine learning. The security vulnerability results in FractionalMax(AVG)Pool with illegal…
CVE-2022-41902 — CVSS 7.1 (high): TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes…
CVE-2021-29605 — CVSS 7.1 (high): TensorFlow is an end-to-end open source platform for machine learning. The TFLite code for allocating `TFLiteIntArray`s is vulnerable to an…
CVE-2021-29606 — CVSS 7.1 (high): TensorFlow is an end-to-end open source platform for machine learning. A specially crafted TFLite model could trigger an OOB read on heap…
CVE-2021-37651 — CVSS 7.1 (high): TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.FractionalAvg…
CVE-2021-29614 — CVSS 7.1 (high): TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.io.decode_raw` produces incorrect results…
CVE-2021-37662 — CVSS 7.1 (high): TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can generate undefined behavior via…
CVE-2021-37658 — CVSS 7.1 (high): TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via…
CVE-2021-37657 — CVSS 7.1 (high): TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via…
CVE-2021-37656 — CVSS 7.1 (high): TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via…
CVE-2020-15193 — CVSS 7.1 (high): In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of `dlpack.to_dlpack` can be made to use uninitialized memory resulting…
CVE-2022-35938 — CVSS 7.0 (high): TensorFlow is an open source platform for machine learning. The `GatherNd` function takes arguments that determine the sizes of inputs and…
CVE-2022-35939 — CVSS 7.0 (high): TensorFlow is an open source platform for machine learning. The `ScatterNd` function takes an input argument that determines the indices of…
CVE-2021-41206 — CVSS 7.0 (high): TensorFlow is an open source platform for machine learning. In affected versions several TensorFlow operations are missing validation for…
CVE-2022-35937 — CVSS 7.0 (high): TensorFlow is an open source platform for machine learning. The `GatherNd` function takes arguments that determine the sizes of inputs and…
CVE-2022-41880 — CVSS 6.8 (medium): TensorFlow is an open source platform for machine learning. When the `BaseCandidateSamplerOp` function receives a value in `true_classes`…
CVE-2022-41883 — CVSS 6.8 (medium): TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing number of inputs…
CVE-2021-37690 — CVSS 6.6 (medium): TensorFlow is an end-to-end open source platform for machine learning. In affected versions when running shape functions, some functions…
CVE-2021-41227 — CVSS 6.6 (medium): TensorFlow is an open source platform for machine learning. In affected versions the `ImmutableConst` operation in TensorFlow can be…
CVE-2022-23575 — CVSS 6.5 (medium): Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateTensorSize` is vulnerable to…
CVE-2022-23586 — CVSS 6.5 (medium): Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such…
CVE-2022-23588 — CVSS 6.5 (medium): Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such…
CVE-2022-23589 — CVSS 6.5 (medium): Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null…
CVE-2022-23568 — CVSS 6.5 (medium): Tensorflow is an Open Source Machine Learning Framework. The implementation of `AddManySparseToTensorsMap` is vulnerable to an integer…
CVE-2022-23572 — CVSS 6.5 (medium): Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape…
CVE-2022-23576 — CVSS 6.5 (medium): Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateOutputSize` is vulnerable to…
CVE-2022-23565 — CVSS 6.5 (medium): Tensorflow is an Open Source Machine Learning Framework. An attacker can trigger denial of service via assertion failure by altering a…
CVE-2019-9635 — CVSS 6.5 (medium): NULL pointer dereference in Google TensorFlow before 1.12.2 could cause a denial of service via an invalid GIF file.
CVE-2020-15210 — CVSS 6.5 (medium): In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and…
CVE-2018-7576 — CVSS 6.5 (medium): Google TensorFlow 1.6.x and earlier is affected by: Null Pointer Dereference. The type of exploitation is: context-dependent.
CVE-2022-23567 — CVSS 6.5 (medium): Tensorflow is an Open Source Machine Learning Framework. The implementations of `Sparse*Cwise*` ops are vulnerable to integer overflows…
CVE-2022-23569 — CVSS 6.5 (medium): Tensorflow is an Open Source Machine Learning Framework. Multiple operations in TensorFlow can be used to trigger a denial of service via…
CVE-2025-55556 — CVSS 6.5 (medium): TensorFlow v2.18.0 was discovered to output random results when compiling Embedding, leading to unexpected behavior in the application.
CVE-2022-23571 — CVSS 6.5 (medium): Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, a TensorFlow process can encounter cases…
CVE-2022-23570 — CVSS 6.5 (medium): Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if…
CVE-2022-23564 — CVSS 6.5 (medium): Tensorflow is an Open Source Machine Learning Framework. When decoding a resource handle tensor from protobuf, a TensorFlow process can…
CVE-2023-25661 — CVSS 6.5 (medium): TensorFlow is an Open Source Machine Learning Framework. In versions prior to 2.11.1 a malicious invalid input crashes a tensorflow model…
CVE-2018-21233 — CVSS 6.5 (medium): TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds read, possibly causing disclosure of the contents of process…
CVE-2023-25667 — CVSS 6.5 (medium): TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, integer overflow occurs when `2^31 <=…
CVE-2022-23557 — CVSS 6.5 (medium): Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would trigger a division by zero in…
CVE-2022-21741 — CVSS 6.5 (medium): Tensorflow is an Open Source Machine Learning Framework. ### Impact An attacker can craft a TFLite model that would trigger a division by…
CVE-2022-23577 — CVSS 6.5 (medium): Tensorflow is an Open Source Machine Learning Framework. The implementation of `GetInitOp` is vulnerable to a crash caused by dereferencing…
CVE-2022-21739 — CVSS 6.5 (medium): Tensorflow is an Open Source Machine Learning Framework. The implementation of `QuantizedMaxPool` has an undefined behavior where user…
CVE-2022-21738 — CVSS 6.5 (medium): Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseCountSparseOutput` can be made to crash a TensorFlow…
CVE-2022-21737 — CVSS 6.5 (medium): Tensorflow is an Open Source Machine Learning Framework. The implementation of `*Bincount` operations allows malicious users to cause…
CVE-2022-23579 — CVSS 6.5 (medium): Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by…
CVE-2022-21735 — CVSS 6.5 (medium): Tensorflow is an Open Source Machine Learning Framework. The implementation of `FractionalMaxPool` can be made to crash a TensorFlow…
CVE-2022-21734 — CVSS 6.5 (medium): Tensorflow is an Open Source Machine Learning Framework. The implementation of `MapStage` is vulnerable a `CHECK`-fail if the key tensor is…
CVE-2022-21731 — CVSS 6.5 (medium): Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `ConcatV2` can be used to trigger a…
CVE-2022-23580 — CVSS 6.5 (medium): Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value…
CVE-2022-21729 — CVSS 6.5 (medium): Tensorflow is an Open Source Machine Learning Framework. The implementation of `UnravelIndex` is vulnerable to a division by zero caused by…
CVE-2022-23581 — CVSS 6.5 (medium): Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by…
CVE-2022-23582 — CVSS 6.5 (medium): Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such…
CVE-2022-23583 — CVSS 6.5 (medium): Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such…
CVE-2022-21725 — CVSS 6.5 (medium): Tensorflow is an Open Source Machine Learning Framework. The estimator for the cost of some convolution operations can be made to execute a…
CVE-2020-15197 — CVSS 6.3 (medium): In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid…
CVE-2021-29613 — CVSS 6.3 (medium): TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `tf.raw_ops.CTCLoss` allows an attacker to…
CVE-2021-29601 — CVSS 6.3 (medium): TensorFlow is an end-to-end open source platform for machine learning. The TFLite implementation of concatenation is vulnerable to an…
CVE-2022-36017 — CVSS 5.9 (medium): TensorFlow is an open source platform for machine learning. If `Requantize` is given `input_min`, `input_max`, `requested_output_min`…
CVE-2020-15199 — CVSS 5.9 (medium): In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` does not validate that the input arguments form a valid ragged tensor. In…
CVE-2020-15200 — CVSS 5.9 (medium): In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid…
CVE-2020-15209 — CVSS 5.9 (medium): In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor…
CVE-2020-15265 — CVSS 5.9 (medium): In Tensorflow before version 2.4.0, an attacker can pass an invalid `axis` value to `tf.quantization.quantize_and_dequantize`. This results…
CVE-2022-23590 — CVSS 5.9 (medium): Tensorflow is an Open Source Machine Learning Framework. A `GraphDef` from a TensorFlow `SavedModel` can be maliciously altered to cause a…
CVE-2022-23593 — CVSS 5.9 (medium): Tensorflow is an Open Source Machine Learning Framework. The `simplifyBroadcast` function in the MLIR-TFRT infrastructure in TensorFlow is…
CVE-2022-35934 — CVSS 5.9 (medium): TensorFlow is an open source platform for machine learning. The implementation of tf.reshape op in TensorFlow is vulnerable to a denial of…
CVE-2022-35935 — CVSS 5.9 (medium): TensorFlow is an open source platform for machine learning. The implementation of SobolSampleOp is vulnerable to a denial of service via…
CVE-2022-35940 — CVSS 5.9 (medium): TensorFlow is an open source platform for machine learning. The `RaggedRangOp` function takes an argument `limits` that is eventually used…
CVE-2022-35941 — CVSS 5.9 (medium): TensorFlow is an open source platform for machine learning. The `AvgPoolOp` function takes an argument `ksize` that must be positive but is…
CVE-2022-35952 — CVSS 5.9 (medium): TensorFlow is an open source platform for machine learning. The `UnbatchGradOp` function takes an argument `id` that is assumed to be a…
CVE-2022-35959 — CVSS 5.9 (medium): TensorFlow is an open source platform for machine learning. The implementation of `AvgPool3DGradOp` does not fully validate the input…
CVE-2022-35960 — CVSS 5.9 (medium): TensorFlow is an open source platform for machine learning. In `core/kernels/list_kernels.cc's TensorListReserve`, `num_elements` is…
CVE-2022-35963 — CVSS 5.9 (medium): TensorFlow is an open source platform for machine learning. The implementation of `FractionalAvgPoolGrad` does not fully validate the input…
CVE-2022-35964 — CVSS 5.9 (medium): TensorFlow is an open source platform for machine learning. The implementation of `BlockLSTMGradV2` does not fully validate its inputs…
CVE-2022-35965 — CVSS 5.9 (medium): TensorFlow is an open source platform for machine learning. If `LowerBound` or `UpperBound` is given an empty`sorted_inputs` input, it…
CVE-2022-35966 — CVSS 5.9 (medium): TensorFlow is an open source platform for machine learning. If `QuantizedAvgPool` is given `min_input` or `max_input` tensors of a nonzero…
CVE-2022-35967 — CVSS 5.9 (medium): TensorFlow is an open source platform for machine learning. If `QuantizedAdd` is given `min_input` or `max_input` tensors of a nonzero…
CVE-2022-35968 — CVSS 5.9 (medium): TensorFlow is an open source platform for machine learning. The implementation of `AvgPoolGrad` does not fully validate the input…
CVE-2022-35969 — CVSS 5.9 (medium): TensorFlow is an open source platform for machine learning. The implementation of `Conv2DBackpropInput` requires `input_sizes` to be…
CVE-2022-35970 — CVSS 5.9 (medium): TensorFlow is an open source platform for machine learning. If `QuantizedInstanceNorm` is given `x_min` or `x_max` tensors of a nonzero…
CVE-2022-35971 — CVSS 5.9 (medium): TensorFlow is an open source platform for machine learning. If `FakeQuantWithMinMaxVars` is given `min` or `max` tensors of a nonzero rank…
CVE-2022-35972 — CVSS 5.9 (medium): TensorFlow is an open source platform for machine learning. If `QuantizedBiasAdd` is given `min_input`, `max_input`, `min_bias`, `max_bias`…
CVE-2022-35973 — CVSS 5.9 (medium): TensorFlow is an open source platform for machine learning. If `QuantizedMatMul` is given nonscalar input for: `min_a`, `max_a`, `min_b`…
CVE-2022-35974 — CVSS 5.9 (medium): TensorFlow is an open source platform for machine learning. If `QuantizeDownAndShrinkRange` is given nonscalar inputs for `input_min` or…
CVE-2022-35979 — CVSS 5.9 (medium): TensorFlow is an open source platform for machine learning. If `QuantizedRelu` or `QuantizedRelu6` are given nonscalar inputs for…
CVE-2022-35981 — CVSS 5.9 (medium): TensorFlow is an open source platform for machine learning. `FractionalMaxPoolGrad` validates its inputs with `CHECK` failures instead of…
CVE-2022-35982 — CVSS 5.9 (medium): TensorFlow is an open source platform for machine learning. If `SparseBincount` is given inputs for `indices`, `values`, and `dense_shape`…
CVE-2022-35983 — CVSS 5.9 (medium): TensorFlow is an open source platform for machine learning. If `Save` or `SaveSlices` is run over tensors of an unsupported `dtype`, it…
CVE-2022-35984 — CVSS 5.9 (medium): TensorFlow is an open source platform for machine learning. `ParameterizedTruncatedNormal` assumes `shape` is of type `int32`. A valid…
CVE-2022-35985 — CVSS 5.9 (medium): TensorFlow is an open source platform for machine learning. If `LRNGrad` is given an `output_image` input tensor that is not 4-D, it…
CVE-2022-35986 — CVSS 5.9 (medium): TensorFlow is an open source platform for machine learning. If `RaggedBincount` is given an empty input tensor `splits`, it results in a…
CVE-2022-35987 — CVSS 5.9 (medium): TensorFlow is an open source platform for machine learning. `DenseBincount` assumes its input tensor `weights` to either have the same…
CVE-2022-35988 — CVSS 5.9 (medium): TensorFlow is an open source platform for machine learning. When `tf.linalg.matrix_rank` receives an empty input `a`, the GPU kernel gives…
CVE-2022-35989 — CVSS 5.9 (medium): TensorFlow is an open source platform for machine learning. When `MaxPool` receives a window size input array `ksize` with dimensions…
CVE-2022-35990 — CVSS 5.9 (medium): TensorFlow is an open source platform for machine learning. When `tf.quantization.fake_quant_with_min_max_vars_per_channel_gradient`…
CVE-2022-35991 — CVSS 5.9 (medium): TensorFlow is an open source platform for machine learning. When `TensorListScatter` and `TensorListScatterV2` receive an `element_shape`…
CVE-2022-35992 — CVSS 5.9 (medium): TensorFlow is an open source platform for machine learning. When `TensorListFromTensor` receives an `element_shape` of a rank greater than…
CVE-2022-35993 — CVSS 5.9 (medium): TensorFlow is an open source platform for machine learning. When `SetSize` receives an input `set_shape` that is not a 1D tensor, it gives…