Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/148481?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/148481?format=api", "purl": "pkg:pypi/tensorflow@2.10.1", "type": "pypi", "namespace": "", "name": "tensorflow", "version": "2.10.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.12.1", "latest_non_vulnerable_version": "2.12.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44733?format=api", "vulnerability_id": "VCID-1jte-hpg7-gydx", "summary": "Incorrect Comparison\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the stride and window size are not positive for `tf.raw_ops.AvgPoolGrad`, it can give a floating point exception. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25669", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42857", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42796", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.4287", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42881", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25669" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/1295ae4dbb52fe06b19733b0257e2340d7b63b8d", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:33:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/1295ae4dbb52fe06b19733b0257e2340d7b63b8d" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25669", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25669" }, { "reference_url": "https://github.com/advisories/GHSA-rcf8-g8jv-vg6p", "reference_id": "GHSA-rcf8-g8jv-vg6p", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rcf8-g8jv-vg6p" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rcf8-g8jv-vg6p", "reference_id": "GHSA-rcf8-g8jv-vg6p", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:33:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rcf8-g8jv-vg6p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64400?format=api", "purl": "pkg:pypi/tensorflow@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.11.1" } ], "aliases": [ "CVE-2023-25669", "GHSA-rcf8-g8jv-vg6p" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1jte-hpg7-gydx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44739?format=api", "vulnerability_id": "VCID-36ey-jnev-qqf8", "summary": "Incorrect Comparison\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a floating point exception in AudioSpectrogram. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25666", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17135", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17098", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17174", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1717", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25666" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/d0d4e779da0d0f56499c6fa5ba09f0a576cc6b14", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:40:27Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/d0d4e779da0d0f56499c6fa5ba09f0a576cc6b14" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25666", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25666" }, { "reference_url": "https://github.com/advisories/GHSA-f637-vh3r-vfh2", "reference_id": "GHSA-f637-vh3r-vfh2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f637-vh3r-vfh2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f637-vh3r-vfh2", "reference_id": "GHSA-f637-vh3r-vfh2", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:40:27Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f637-vh3r-vfh2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64400?format=api", "purl": "pkg:pypi/tensorflow@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/64401?format=api", "purl": "pkg:pypi/tensorflow@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.12.0" } ], "aliases": [ "CVE-2023-25666", "GHSA-f637-vh3r-vfh2" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-36ey-jnev-qqf8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55592?format=api", "vulnerability_id": "VCID-37j3-cnw5-4fch", "summary": "TensorFlow has segfault in array_ops.upper_bound\n`array_ops.upper_bound` causes a segfault when not given a rank 2 tensor.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-33976", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11236", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.1127", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11278", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-33976" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/6fa05df43b00038b048f4f0e51ef522da6532fec", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T20:13:44Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/6fa05df43b00038b048f4f0e51ef522da6532fec" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/915884fdf5df34aaedd00fc6ace33a2cfdefa586", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T20:13:44Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/915884fdf5df34aaedd00fc6ace33a2cfdefa586" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33976", "reference_id": "CVE-2023-33976", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33976" }, { "reference_url": "https://github.com/advisories/GHSA-gjh7-xx4r-x345", "reference_id": "GHSA-gjh7-xx4r-x345", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gjh7-xx4r-x345" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gjh7-xx4r-x345", "reference_id": "GHSA-gjh7-xx4r-x345", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T20:13:44Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gjh7-xx4r-x345" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82290?format=api", "purl": "pkg:pypi/tensorflow@2.12.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.12.1" } ], "aliases": [ "CVE-2023-33976", "GHSA-gjh7-xx4r-x345" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-37j3-cnw5-4fch" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44751?format=api", "vulnerability_id": "VCID-6f4y-m6ca-nyf6", "summary": "NULL Pointer Dereference\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `ctx->step_containter()` is a null ptr, the Lookup function will be executed with a null pointer. A fix is included in TensorFlow 2.12.0 and 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25663", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.4301", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42948", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.43022", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.4303", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25663" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/239139d2ae6a81ae9ba499ad78b56d9b2931538a", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:38:12Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/239139d2ae6a81ae9ba499ad78b56d9b2931538a" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25663", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25663" }, { "reference_url": "https://github.com/advisories/GHSA-64jg-wjww-7c5w", "reference_id": "GHSA-64jg-wjww-7c5w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-64jg-wjww-7c5w" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-64jg-wjww-7c5w", "reference_id": "GHSA-64jg-wjww-7c5w", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:38:12Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-64jg-wjww-7c5w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64400?format=api", "purl": "pkg:pypi/tensorflow@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.11.1" } ], "aliases": [ "CVE-2023-25663", "GHSA-64jg-wjww-7c5w" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6f4y-m6ca-nyf6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44736?format=api", "vulnerability_id": "VCID-6yy3-r6mh-j3e8", "summary": "NULL Pointer Dereference\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `SparseSparseMaximum` is given invalid sparse tensors as inputs, it can give a null pointer error. A fix is included in TensorFlow version 2.12 and version 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25665", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31243", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31244", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31312", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31278", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25665" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/5e0ecfb42f5f65629fd7a4edd6c4afe7ff0feb04", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:30:58Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/5e0ecfb42f5f65629fd7a4edd6c4afe7ff0feb04" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25665", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25665" }, { "reference_url": "https://github.com/advisories/GHSA-558h-mq8x-7q9g", "reference_id": "GHSA-558h-mq8x-7q9g", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-558h-mq8x-7q9g" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-558h-mq8x-7q9g", "reference_id": "GHSA-558h-mq8x-7q9g", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:30:58Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-558h-mq8x-7q9g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64400?format=api", "purl": "pkg:pypi/tensorflow@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/64401?format=api", "purl": "pkg:pypi/tensorflow@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.12.0" } ], "aliases": [ "CVE-2023-25665", "GHSA-558h-mq8x-7q9g" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6yy3-r6mh-j3e8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44752?format=api", "vulnerability_id": "VCID-8nt4-mp8z-b3et", "summary": "Double Free\nTensorFlow is an open source machine learning platform. Prior to versions 2.12.0 and 2.11.1, `nn_ops.fractional_avg_pool_v2` and `nn_ops.fractional_max_pool_v2` require the first and fourth elements of their parameter `pooling_ratio` to be equal to 1.0, as pooling on batch and channel dimensions is not supported. A fix is included in TensorFlow 2.12.0 and 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25801", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25139", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.2517", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.2522", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25235", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25801" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/ee50d1e00f81f62a4517453f721c634bbb478307", "reference_id": "", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T20:44:21Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/ee50d1e00f81f62a4517453f721c634bbb478307" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25801", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25801" }, { "reference_url": "https://github.com/advisories/GHSA-f49c-87jh-g47q", "reference_id": "GHSA-f49c-87jh-g47q", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f49c-87jh-g47q" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f49c-87jh-g47q", "reference_id": "GHSA-f49c-87jh-g47q", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T20:44:21Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f49c-87jh-g47q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64400?format=api", "purl": "pkg:pypi/tensorflow@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/64401?format=api", "purl": "pkg:pypi/tensorflow@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.12.0" } ], "aliases": [ "CVE-2023-25801", "GHSA-f49c-87jh-g47q" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8nt4-mp8z-b3et" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44744?format=api", "vulnerability_id": "VCID-b31k-j7yk-muhz", "summary": "Heap-based Buffer Overflow\nTensorFlow is an open source platform for machine learning. Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remote code execution. The fix will be included in TensorFlow version 2.12.0 and will also cherrypick this commit on TensorFlow version 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25668", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01465", "scoring_system": "epss", "scoring_elements": "0.81255", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01465", "scoring_system": "epss", "scoring_elements": "0.81228", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01465", "scoring_system": "epss", "scoring_elements": "0.81256", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01465", "scoring_system": "epss", "scoring_elements": "0.81258", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25668" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-19T20:32:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25668", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25668" }, { "reference_url": "https://github.com/advisories/GHSA-gw97-ff7c-9v96", "reference_id": "GHSA-gw97-ff7c-9v96", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gw97-ff7c-9v96" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96", "reference_id": "GHSA-gw97-ff7c-9v96", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-19T20:32:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64400?format=api", "purl": "pkg:pypi/tensorflow@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/64401?format=api", "purl": "pkg:pypi/tensorflow@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.12.0" } ], "aliases": [ "CVE-2023-25668", "GHSA-gw97-ff7c-9v96" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b31k-j7yk-muhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44743?format=api", "vulnerability_id": "VCID-c1qd-61t7-2fe3", "summary": "Integer Overflow or Wraparound\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, integer overflow occurs when `2^31 <= num_frames * height * width * channels < 2^32`, for example Full HD screencast of at least 346 frames. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25667", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43639", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43581", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43652", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43663", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25667" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/8dc723fcdd1a6127d6c970bd2ecb18b019a1a58d", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:39:37Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/8dc723fcdd1a6127d6c970bd2ecb18b019a1a58d" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25667", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25667" }, { "reference_url": "https://github.com/advisories/GHSA-fqm2-gh8w-gr68", "reference_id": "GHSA-fqm2-gh8w-gr68", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fqm2-gh8w-gr68" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqm2-gh8w-gr68", "reference_id": "GHSA-fqm2-gh8w-gr68", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:39:37Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqm2-gh8w-gr68" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64400?format=api", "purl": "pkg:pypi/tensorflow@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.11.1" } ], "aliases": [ "CVE-2023-25667", "GHSA-fqm2-gh8w-gr68" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c1qd-61t7-2fe3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44730?format=api", "vulnerability_id": "VCID-cvdm-ubbq-63ew", "summary": "NULL Pointer Dereference\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when the parameter `summarize` of `tf.raw_ops.Print` is zero, the new method `SummarizeArray<bool>` will reference to a nullptr, leading to a seg fault. A fix is included in TensorFlow version 2.12 and version 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25660", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47275", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47226", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47291", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47293", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25660" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/6d423b8bcc9aa9f5554dc988c1c16d038b508df1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:30:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/6d423b8bcc9aa9f5554dc988c1c16d038b508df1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25660", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25660" }, { "reference_url": "https://github.com/advisories/GHSA-qjqc-vqcf-5qvj", "reference_id": "GHSA-qjqc-vqcf-5qvj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qjqc-vqcf-5qvj" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qjqc-vqcf-5qvj", "reference_id": "GHSA-qjqc-vqcf-5qvj", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:30:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qjqc-vqcf-5qvj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64400?format=api", "purl": "pkg:pypi/tensorflow@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.11.1" } ], "aliases": [ "CVE-2023-25660", "GHSA-qjqc-vqcf-5qvj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cvdm-ubbq-63ew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44746?format=api", "vulnerability_id": "VCID-dftm-vs4w-kfag", "summary": "Heap-based Buffer Overflow\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a heap buffer overflow in TAvgPoolGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25664", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25626", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25581", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25683", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25674", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25664" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/ddaac2bdd099bec5d7923dea45276a7558217e5b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:38:56Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/ddaac2bdd099bec5d7923dea45276a7558217e5b" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25664", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25664" }, { "reference_url": "https://github.com/advisories/GHSA-6hg6-5c2q-7rcr", "reference_id": "GHSA-6hg6-5c2q-7rcr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6hg6-5c2q-7rcr" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hg6-5c2q-7rcr", "reference_id": "GHSA-6hg6-5c2q-7rcr", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:38:56Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hg6-5c2q-7rcr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64400?format=api", "purl": "pkg:pypi/tensorflow@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/64401?format=api", "purl": "pkg:pypi/tensorflow@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.12.0" } ], "aliases": [ "CVE-2023-25664", "GHSA-6hg6-5c2q-7rcr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dftm-vs4w-kfag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44731?format=api", "vulnerability_id": "VCID-ev9c-cxzc-p7hb", "summary": "Integer Overflow or Wraparound\nTensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 is vulnerable to integer overflow in EditDistance. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25662", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35524", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35456", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35551", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35562", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25662" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/08b8e18643d6dcde00890733b270ff8d9960c56c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:37:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/08b8e18643d6dcde00890733b270ff8d9960c56c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25662", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25662" }, { "reference_url": "https://github.com/advisories/GHSA-7jvm-xxmr-v5cw", "reference_id": "GHSA-7jvm-xxmr-v5cw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7jvm-xxmr-v5cw" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7jvm-xxmr-v5cw", "reference_id": "GHSA-7jvm-xxmr-v5cw", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:37:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7jvm-xxmr-v5cw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64400?format=api", "purl": "pkg:pypi/tensorflow@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.11.1" } ], "aliases": [ "CVE-2023-25662", "GHSA-7jvm-xxmr-v5cw" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ev9c-cxzc-p7hb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44741?format=api", "vulnerability_id": "VCID-h18h-987d-q7he", "summary": "Incorrect Comparison\nTensorFlow is an end-to-end open source platform for machine learning. Constructing a tflite model with a paramater `filter_input_channel` of less than 1 gives a FPE. This issue has been patched in version 2.12. TensorFlow will also cherrypick the fix commit on TensorFlow 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-27579", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.4287", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42857", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42881", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-27579" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/34f8368c535253f5c9cb3a303297743b62442aaa", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:44:58Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/34f8368c535253f5c9cb3a303297743b62442aaa" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27579", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27579" }, { "reference_url": "https://github.com/advisories/GHSA-5w96-866f-6rm8", "reference_id": "GHSA-5w96-866f-6rm8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5w96-866f-6rm8" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5w96-866f-6rm8", "reference_id": "GHSA-5w96-866f-6rm8", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:44:58Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5w96-866f-6rm8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64400?format=api", "purl": "pkg:pypi/tensorflow@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.11.1" } ], "aliases": [ "CVE-2023-27579", "GHSA-5w96-866f-6rm8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h18h-987d-q7he" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44750?format=api", "vulnerability_id": "VCID-j7jy-3r33-x7fy", "summary": "NULL Pointer Dereference\nTensorFlow is an open source machine learning platform. Versions prior to 2.12.0 and 2.11.1 have a null pointer error in RandomShuffle with XLA enabled. A fix is included in TensorFlow 2.12.0 and 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25674", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60443", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60404", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60451", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60454", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25674" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/728113a3be690facad6ce436660a0bc1858017fa", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:16:05Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/728113a3be690facad6ce436660a0bc1858017fa" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25674", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25674" }, { "reference_url": "https://github.com/advisories/GHSA-gf97-q72m-7579", "reference_id": "GHSA-gf97-q72m-7579", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gf97-q72m-7579" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf97-q72m-7579", "reference_id": "GHSA-gf97-q72m-7579", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:16:05Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf97-q72m-7579" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64400?format=api", "purl": "pkg:pypi/tensorflow@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.11.1" } ], "aliases": [ "CVE-2023-25674", "GHSA-gf97-q72m-7579" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j7jy-3r33-x7fy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44755?format=api", "vulnerability_id": "VCID-jswv-zqu6-efee", "summary": "TensorFlow Denial of Service vulnerability\n### Impact\nA malicious invalid input crashes a tensorflow model (Check Failed) and can be used to trigger a denial of service attack.\nTo minimize the bug, we built a simple single-layer TensorFlow model containing a Convolution3DTranspose layer, which works well with expected inputs and can be deployed in real-world systems. However, if we call the model with a malicious input which has a zero dimension, it gives Check Failed failure and crashes.\n```python\nimport tensorflow as tf\n\nclass MyModel(tf.keras.Model):\n def __init__(self):\n super().__init__()\n self.conv = tf.keras.layers.Convolution3DTranspose(2, [3,3,3], padding=\"same\")\n \n def call(self, input):\n return self.conv(input)\nmodel = MyModel() # Defines a valid model.\n\nx = tf.random.uniform([1, 32, 32, 32, 3], minval=0, maxval=0, dtype=tf.float32) # This is a valid input.\noutput = model.predict(x)\nprint(output.shape) # (1, 32, 32, 32, 2)\n\nx = tf.random.uniform([1, 32, 32, 0, 3], dtype=tf.float32) # This is an invalid input.\noutput = model(x) # crash\n```\nThis Convolution3DTranspose layer is a very common API in modern neural networks. The ML models containing such vulnerable components could be deployed in ML applications or as cloud services. This failure could be potentially used to trigger a denial of service attack on ML cloud services.\n\n### Patches\nWe have patched the issue in\n- GitHub commit [948fe6369a5711d4b4568ea9bbf6015c6dfb77e2](https://github.com/tensorflow/tensorflow/commit/948fe6369a5711d4b4568ea9bbf6015c6dfb77e2)\n - GitHub commit [85db5d07db54b853484bfd358c3894d948c36baf](https://github.com/keras-team/keras/commit/85db5d07db54b853484bfd358c3894d948c36baf). \n\nThe fix will be included in TensorFlow 2.12.0. We will also cherrypick this commit on TensorFlow 2.11.1\n\n\n ### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25661", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.37111", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.37079", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.37012", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.37103", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25661" }, { "reference_url": "https://github.com/keras-team/keras/commit/85db5d07db54b853484bfd358c3894d948c36baf", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keras-team/keras/commit/85db5d07db54b853484bfd358c3894d948c36baf" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/948fe6369a5711d4b4568ea9bbf6015c6dfb77e2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T15:25:34Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/948fe6369a5711d4b4568ea9bbf6015c6dfb77e2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25661", "reference_id": "CVE-2023-25661", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25661" }, { "reference_url": "https://github.com/advisories/GHSA-fxgc-95xx-grvq", "reference_id": "GHSA-fxgc-95xx-grvq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fxgc-95xx-grvq" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fxgc-95xx-grvq", "reference_id": "GHSA-fxgc-95xx-grvq", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T15:25:34Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fxgc-95xx-grvq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64400?format=api", "purl": "pkg:pypi/tensorflow@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.11.1" } ], "aliases": [ "CVE-2023-25661", "GHSA-fxgc-95xx-grvq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jswv-zqu6-efee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44749?format=api", "vulnerability_id": "VCID-mj52-z2qy-4bd8", "summary": "NULL Pointer Dereference\nTensorFlow is an open source platform for machine learning. The function `tf.raw_ops.LookupTableImportV2` cannot handle scalars in the `values` parameter and gives an NPE. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25672", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28107", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28126", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28197", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28147", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25672" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/980b22536abcbbe1b4a5642fc940af33d8c19b69", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:14:12Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/980b22536abcbbe1b4a5642fc940af33d8c19b69" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25672", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25672" }, { "reference_url": "https://github.com/advisories/GHSA-94mm-g2mv-8p7r", "reference_id": "GHSA-94mm-g2mv-8p7r", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-94mm-g2mv-8p7r" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-94mm-g2mv-8p7r", "reference_id": "GHSA-94mm-g2mv-8p7r", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:14:12Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-94mm-g2mv-8p7r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64400?format=api", "purl": "pkg:pypi/tensorflow@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.11.1" } ], "aliases": [ "CVE-2023-25672", "GHSA-94mm-g2mv-8p7r" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mj52-z2qy-4bd8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44734?format=api", "vulnerability_id": "VCID-mkr8-shuu-1qhk", "summary": "Out-of-bounds Write\nTensorFlow is an open source platform for machine learning. There is out-of-bounds access due to mismatched integer type sizes. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25671", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.55211", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.55155", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.55213", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.5522", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25671" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/2eedc8f676d2c3b8be9492e547b2bc814c10b367", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:42:11Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/2eedc8f676d2c3b8be9492e547b2bc814c10b367" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/760322a71ac9033e122ef1f4b1c62813021e5938", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:42:11Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/760322a71ac9033e122ef1f4b1c62813021e5938" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25671", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25671" }, { "reference_url": "https://github.com/advisories/GHSA-j5w9-hmfh-4cr6", "reference_id": "GHSA-j5w9-hmfh-4cr6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j5w9-hmfh-4cr6" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j5w9-hmfh-4cr6", "reference_id": "GHSA-j5w9-hmfh-4cr6", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:42:11Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j5w9-hmfh-4cr6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64400?format=api", "purl": "pkg:pypi/tensorflow@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.11.1" } ], "aliases": [ "CVE-2023-25671", "GHSA-j5w9-hmfh-4cr6" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mkr8-shuu-1qhk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44748?format=api", "vulnerability_id": "VCID-q2hk-yjnj-jbfb", "summary": "NULL Pointer Dereference\nTensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.ParallelConcat` segfaults with a nullptr dereference when given a parameter `shape` with rank that is not greater than zero. A fix is available in TensorFlow 2.12.0 and 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25676", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47275", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47226", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47291", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47293", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25676" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/da66bc6d5ff466aee084f9e7397980a24890cd15", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:43:05Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/da66bc6d5ff466aee084f9e7397980a24890cd15" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25676", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25676" }, { "reference_url": "https://github.com/advisories/GHSA-6wfh-89q8-44jq", "reference_id": "GHSA-6wfh-89q8-44jq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6wfh-89q8-44jq" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6wfh-89q8-44jq", "reference_id": "GHSA-6wfh-89q8-44jq", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:43:05Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6wfh-89q8-44jq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64400?format=api", "purl": "pkg:pypi/tensorflow@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/64401?format=api", "purl": "pkg:pypi/tensorflow@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.12.0" } ], "aliases": [ "CVE-2023-25676", "GHSA-6wfh-89q8-44jq" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q2hk-yjnj-jbfb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44737?format=api", "vulnerability_id": "VCID-qh3y-aeak-u3hg", "summary": "Out-of-bounds Read\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the parameter `indices` for `DynamicStitch` does not match the shape of the parameter `data`, it can trigger an stack OOB read. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25659", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42537", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.4248", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42554", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42564", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25659" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/ee004b18b976eeb5a758020af8880236cd707d05", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:34:25Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/ee004b18b976eeb5a758020af8880236cd707d05" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25659", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25659" }, { "reference_url": "https://github.com/advisories/GHSA-93vr-9q9m-pj8p", "reference_id": "GHSA-93vr-9q9m-pj8p", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-93vr-9q9m-pj8p" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-93vr-9q9m-pj8p", "reference_id": "GHSA-93vr-9q9m-pj8p", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:34:25Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-93vr-9q9m-pj8p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64400?format=api", "purl": "pkg:pypi/tensorflow@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.11.1" } ], "aliases": [ "CVE-2023-25659", "GHSA-93vr-9q9m-pj8p" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qh3y-aeak-u3hg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44732?format=api", "vulnerability_id": "VCID-upnq-6wx8-gug8", "summary": "Incorrect Comparison\nTensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a Floating Point Exception in TensorListSplit with XLA. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25673", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51616", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51571", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51631", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51637", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25673" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/728113a3be690facad6ce436660a0bc1858017fa", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:15:44Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/728113a3be690facad6ce436660a0bc1858017fa" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25673", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25673" }, { "reference_url": "https://github.com/advisories/GHSA-647v-r7qq-24fh", "reference_id": "GHSA-647v-r7qq-24fh", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-647v-r7qq-24fh" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-647v-r7qq-24fh", "reference_id": "GHSA-647v-r7qq-24fh", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:15:44Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-647v-r7qq-24fh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64400?format=api", "purl": "pkg:pypi/tensorflow@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.11.1" } ], "aliases": [ "CVE-2023-25673", "GHSA-647v-r7qq-24fh" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-upnq-6wx8-gug8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44742?format=api", "vulnerability_id": "VCID-v68f-q5vf-wkf5", "summary": "Incorrect Comparison\nTensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.Bincount` segfaults when given a parameter `weights` that is neither the same shape as parameter `arr` nor a length-0 tensor. A fix is included in TensorFlow 2.12.0 and 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25675", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42857", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42796", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.4287", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42881", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25675" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/8ae76cf085f4be26295d2ecf2081e759e04b8acf", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:23:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/8ae76cf085f4be26295d2ecf2081e759e04b8acf" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25675", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25675" }, { "reference_url": "https://github.com/advisories/GHSA-7x4v-9gxg-9hwj", "reference_id": "GHSA-7x4v-9gxg-9hwj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7x4v-9gxg-9hwj" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7x4v-9gxg-9hwj", "reference_id": "GHSA-7x4v-9gxg-9hwj", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:23:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7x4v-9gxg-9hwj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64400?format=api", "purl": "pkg:pypi/tensorflow@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/64401?format=api", "purl": "pkg:pypi/tensorflow@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.12.0" } ], "aliases": [ "CVE-2023-25675", "GHSA-7x4v-9gxg-9hwj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v68f-q5vf-wkf5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44738?format=api", "vulnerability_id": "VCID-w5vq-nwu5-pken", "summary": "NULL Pointer Dereference\nTensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null point error in QuantizedMatMulWithBiasAndDequantize with MKL enabled. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25670", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47275", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47226", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47291", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47293", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25670" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/8a47a39d9697969206d23a523c977238717e8727", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:41:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/8a47a39d9697969206d23a523c977238717e8727" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25670", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25670" }, { "reference_url": "https://github.com/advisories/GHSA-49rq-hwc3-x77w", "reference_id": "GHSA-49rq-hwc3-x77w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-49rq-hwc3-x77w" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rq-hwc3-x77w", "reference_id": "GHSA-49rq-hwc3-x77w", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:41:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rq-hwc3-x77w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64400?format=api", "purl": "pkg:pypi/tensorflow@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.11.1" } ], "aliases": [ "CVE-2023-25670", "GHSA-49rq-hwc3-x77w" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w5vq-nwu5-pken" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44735?format=api", "vulnerability_id": "VCID-xej2-7wvk-xuec", "summary": "Out-of-bounds Read\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, an out-of-bounds read is in GRUBlockCellGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25658", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.17002", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16963", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.17042", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.17037", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25658" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/ff459137c2716a2a60f7d441b855fcb466d778cb", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:13:25Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/ff459137c2716a2a60f7d441b855fcb466d778cb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25658", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25658" }, { "reference_url": "https://github.com/advisories/GHSA-68v3-g9cm-rmm6", "reference_id": "GHSA-68v3-g9cm-rmm6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-68v3-g9cm-rmm6" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-68v3-g9cm-rmm6", "reference_id": "GHSA-68v3-g9cm-rmm6", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:13:25Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-68v3-g9cm-rmm6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64400?format=api", "purl": "pkg:pypi/tensorflow@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.11.1" } ], "aliases": [ "CVE-2023-25658", "GHSA-68v3-g9cm-rmm6" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xej2-7wvk-xuec" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102271?format=api", "vulnerability_id": "VCID-1b48-dfec-4ycn", "summary": "TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ResizeNearestNeighborGrad` is given a large `size` input, it overflows. We have patched the issue in GitHub commit 00c821af032ba9e5f5fa3fe14690c8d28a657624. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41907", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35042", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35114", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35152", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35137", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41907" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/resize_nearest_neighbor_op.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:43Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/resize_nearest_neighbor_op.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/00c821af032ba9e5f5fa3fe14690c8d28a657624", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:43Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/00c821af032ba9e5f5fa3fe14690c8d28a657624" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-368v-7v32-52fx", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:43Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-368v-7v32-52fx" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41907", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41907" }, { "reference_url": "https://github.com/advisories/GHSA-368v-7v32-52fx", "reference_id": "GHSA-368v-7v32-52fx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-368v-7v32-52fx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148479?format=api", "purl": "pkg:pypi/tensorflow@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148480?format=api", "purl": "pkg:pypi/tensorflow@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148481?format=api", "purl": "pkg:pypi/tensorflow@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.10.1" } ], "aliases": [ "CVE-2022-41907", "GHSA-368v-7v32-52fx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1b48-dfec-4ycn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102274?format=api", "vulnerability_id": "VCID-1xee-v43t-c7c4", "summary": "TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.8.4, 2.9.3, and 2.10.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41910", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55599", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55649", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55661", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55655", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41910" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/a65411a1d69edfb16b25907ffb8f73556ce36bb7", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/a65411a1d69edfb16b25907ffb8f73556ce36bb7" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-frqp-wp83-qggv", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-frqp-wp83-qggv" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41910", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41910" }, { "reference_url": "https://github.com/advisories/GHSA-frqp-wp83-qggv", "reference_id": "GHSA-frqp-wp83-qggv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-frqp-wp83-qggv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148479?format=api", "purl": "pkg:pypi/tensorflow@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148480?format=api", "purl": "pkg:pypi/tensorflow@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148481?format=api", "purl": "pkg:pypi/tensorflow@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.10.1" } ], "aliases": [ "CVE-2022-41910", "GHSA-frqp-wp83-qggv", "GMS-2022-6997", "GMS-2022-7005", "GMS-2022-7013" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1xee-v43t-c7c4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102254?format=api", "vulnerability_id": "VCID-42t9-hpd3-hufy", "summary": "TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ImageProjectiveTransformV2` is given a large output shape, it overflows. We have patched the issue in GitHub commit 8faa6ea692985dbe6ce10e1a3168e0bd60a723ba. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41886", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35196", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35277", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35313", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35303", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41886" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/image_ops.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/image_ops.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/8faa6ea692985dbe6ce10e1a3168e0bd60a723ba", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/8faa6ea692985dbe6ce10e1a3168e0bd60a723ba" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-54pp-c6pp-7fpx", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-54pp-c6pp-7fpx" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41886", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41886" }, { "reference_url": "https://github.com/advisories/GHSA-54pp-c6pp-7fpx", "reference_id": "GHSA-54pp-c6pp-7fpx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-54pp-c6pp-7fpx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148479?format=api", "purl": "pkg:pypi/tensorflow@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148480?format=api", "purl": "pkg:pypi/tensorflow@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148481?format=api", "purl": "pkg:pypi/tensorflow@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.10.1" } ], "aliases": [ "CVE-2022-41886", "GHSA-54pp-c6pp-7fpx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-42t9-hpd3-hufy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102267?format=api", "vulnerability_id": "VCID-6aey-qzrr-9qdk", "summary": "TensorFlow is an open source platform for machine learning. Inputs `dense_features` or `example_state_data` not of rank 2 will trigger a `CHECK` fail in `SdcaOptimizer`. We have patched the issue in GitHub commit 80ff197d03db2a70c6a111f97dcdacad1b0babfa. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41899", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35627", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40253", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40337", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40334", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41899" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sdca_internal.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sdca_internal.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/80ff197d03db2a70c6a111f97dcdacad1b0babfa", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/80ff197d03db2a70c6a111f97dcdacad1b0babfa" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-27rc-728f-x5w2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-27rc-728f-x5w2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41899", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41899" }, { "reference_url": "https://github.com/advisories/GHSA-27rc-728f-x5w2", "reference_id": "GHSA-27rc-728f-x5w2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-27rc-728f-x5w2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148479?format=api", "purl": "pkg:pypi/tensorflow@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148480?format=api", "purl": "pkg:pypi/tensorflow@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148481?format=api", "purl": "pkg:pypi/tensorflow@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.10.1" } ], "aliases": [ "CVE-2022-41899", "GHSA-27rc-728f-x5w2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6aey-qzrr-9qdk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102270?format=api", "vulnerability_id": "VCID-71dj-4wgv-dkfa", "summary": "TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.8.4, 2.9.3, and 2.10.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41902", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53052", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53102", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53121", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53113", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41902" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:46:08Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/a65411a1d69edfb16b25907ffb8f73556ce36bb7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:46:08Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/a65411a1d69edfb16b25907ffb8f73556ce36bb7" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cg88-rpvp-cjv5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:46:08Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cg88-rpvp-cjv5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41902", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41902" }, { "reference_url": "https://github.com/advisories/GHSA-cg88-rpvp-cjv5", "reference_id": "GHSA-cg88-rpvp-cjv5", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cg88-rpvp-cjv5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148479?format=api", "purl": "pkg:pypi/tensorflow@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148480?format=api", "purl": "pkg:pypi/tensorflow@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148481?format=api", "purl": "pkg:pypi/tensorflow@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.10.1" } ], "aliases": [ "CVE-2022-41902", "GHSA-cg88-rpvp-cjv5", "GMS-2022-6995", "GMS-2022-7003", "GMS-2022-7011" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-71dj-4wgv-dkfa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102260?format=api", "vulnerability_id": "VCID-a2bj-bk9e-7fdw", "summary": "TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListConcat` is given `element_shape=[]`, it results segmentation fault which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit fc33f3dc4c14051a83eec6535b608abe1d355fde. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41891", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35627", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40253", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40337", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40334", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41891" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/list_kernels.h", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:16Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/list_kernels.h" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/fc33f3dc4c14051a83eec6535b608abe1d355fde", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:16Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/fc33f3dc4c14051a83eec6535b608abe1d355fde" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-66vq-54fq-6jvv", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:16Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-66vq-54fq-6jvv" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41891", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41891" }, { "reference_url": "https://github.com/advisories/GHSA-66vq-54fq-6jvv", "reference_id": "GHSA-66vq-54fq-6jvv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-66vq-54fq-6jvv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148479?format=api", "purl": "pkg:pypi/tensorflow@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148480?format=api", "purl": "pkg:pypi/tensorflow@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148481?format=api", "purl": "pkg:pypi/tensorflow@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.10.1" } ], "aliases": [ "CVE-2022-41891", "GHSA-66vq-54fq-6jvv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a2bj-bk9e-7fdw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102265?format=api", "vulnerability_id": "VCID-bmq7-ywhj-w3ap", "summary": "TensorFlow is an open source platform for machine learning. If `FractionMaxPoolGrad` is given outsize inputs `row_pooling_sequence` and `col_pooling_sequence`, TensorFlow will crash. We have patched the issue in GitHub commit d71090c3e5ca325bdf4b02eb236cfb3ee823e927. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41897", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35196", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35277", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35313", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35303", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41897" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/fractional_max_pool_op.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:01Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/fractional_max_pool_op.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/d71090c3e5ca325bdf4b02eb236cfb3ee823e927", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:01Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/d71090c3e5ca325bdf4b02eb236cfb3ee823e927" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f2w8-jw48-fr7j", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:01Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f2w8-jw48-fr7j" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41897", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41897" }, { "reference_url": "https://github.com/advisories/GHSA-f2w8-jw48-fr7j", "reference_id": "GHSA-f2w8-jw48-fr7j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f2w8-jw48-fr7j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148479?format=api", "purl": "pkg:pypi/tensorflow@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148480?format=api", "purl": "pkg:pypi/tensorflow@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148481?format=api", "purl": "pkg:pypi/tensorflow@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.10.1" } ], "aliases": [ "CVE-2022-41897", "GHSA-f2w8-jw48-fr7j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bmq7-ywhj-w3ap" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102262?format=api", "vulnerability_id": "VCID-cev9-9bnb-4udc", "summary": "TensorFlow is an open source platform for machine learning. The reference kernel of the `CONV_3D_TRANSPOSE` TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result. Instead of `data_ptr += num_channels;` it should be `data_ptr += output_num_channels;` as if the number of input channels is different than the number of output channels, the wrong result will be returned and a buffer overflow will occur if num_channels > output_num_channels. An attacker can craft a model with a specific number of input channels. It is then possible to write specific values through the bias of the layer outside the bounds of the buffer. This attack only works if the reference kernel resolver is used in the interpreter. We have patched the issue in GitHub commit 72c0bdcb25305b0b36842d746cc61d72658d2941. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41894", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45259", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45312", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45332", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45328", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41894" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/091e63f0ea33def7ecad661a5ac01dcafbafa90b/tensorflow/lite/kernels/internal/reference/conv3d_transpose.h#L121", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:40:39Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/091e63f0ea33def7ecad661a5ac01dcafbafa90b/tensorflow/lite/kernels/internal/reference/conv3d_transpose.h#L121" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/72c0bdcb25305b0b36842d746cc61d72658d2941", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:40:39Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/72c0bdcb25305b0b36842d746cc61d72658d2941" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6q3-vv32-2cq5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:40:39Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6q3-vv32-2cq5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41894", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41894" }, { "reference_url": "https://github.com/advisories/GHSA-h6q3-vv32-2cq5", "reference_id": "GHSA-h6q3-vv32-2cq5", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h6q3-vv32-2cq5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148479?format=api", "purl": "pkg:pypi/tensorflow@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148480?format=api", "purl": "pkg:pypi/tensorflow@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148481?format=api", "purl": "pkg:pypi/tensorflow@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.10.1" } ], "aliases": [ "CVE-2022-41894", "GHSA-h6q3-vv32-2cq5" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cev9-9bnb-4udc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102257?format=api", "vulnerability_id": "VCID-dvpe-15m7-puh4", "summary": "TensorFlow is an open source platform for machine learning. If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a `nullptr`, which is not caught. An example can be seen in `tf.compat.v1.extract_volume_patches` by passing in quantized tensors as input `ksizes`. We have patched the issue in GitHub commit e9e95553e5411834d215e6770c81a83a3d0866ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41889", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31038", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31036", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.3107", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31103", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41889" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/generate_box_proposals_op.cu.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:23Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/generate_box_proposals_op.cu.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/e9e95553e5411834d215e6770c81a83a3d0866ce", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:23Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/e9e95553e5411834d215e6770c81a83a3d0866ce" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xxcj-rhqg-m46g", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:23Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xxcj-rhqg-m46g" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41889", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41889" }, { "reference_url": "https://github.com/advisories/GHSA-xxcj-rhqg-m46g", "reference_id": "GHSA-xxcj-rhqg-m46g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xxcj-rhqg-m46g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148479?format=api", "purl": "pkg:pypi/tensorflow@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148480?format=api", "purl": "pkg:pypi/tensorflow@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148481?format=api", "purl": "pkg:pypi/tensorflow@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.10.1" } ], "aliases": [ "CVE-2022-41889", "GHSA-xxcj-rhqg-m46g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dvpe-15m7-puh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/110201?format=api", "vulnerability_id": "VCID-e8a2-ny5z-73au", "summary": "`CHECK` failure in `SobolSample` via missing validation\n### Impact\nAnother instance of CVE-2022-35935, where `SobolSample` is vulnerable to a denial of service via assumed scalar inputs, was found and fixed.\n```python\nimport tensorflow as tf\ntf.raw_ops.SobolSample(dim=tf.constant([1,0]), num_results=tf.constant([1]), skip=tf.constant([1]))\n```\n\n### Patches\nWe have patched the issue in GitHub commits [c65c67f88ad770662e8f191269a907bf2b94b1bf](https://github.com/tensorflow/tensorflow/commit/c65c67f88ad770662e8f191269a907bf2b94b1bf) and [02400ea266bd811fc016a848445de1bbff3a23a0](https://github.com/tensorflow/tensorflow/commit/02400ea266bd811fc016a848445de1bbff3a23a0)\n\nThe fix will be included in TensorFlow 2.11. We will also cherrypick both commits on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. TensorFlow 2.7.4 will have the first commit cherrypicked.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by:\n- Kang Hong Jin from Singapore Management University\n- Neophytos Christou, Secure Systems Labs, Brown University\n- 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology\n- Pattarakrit Rattankul", "references": [ { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cqvq-fvhr-v6hc", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cqvq-fvhr-v6hc" }, { "reference_url": "https://github.com/advisories/GHSA-cqvq-fvhr-v6hc", "reference_id": "GHSA-cqvq-fvhr-v6hc", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cqvq-fvhr-v6hc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148479?format=api", "purl": "pkg:pypi/tensorflow@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148480?format=api", "purl": "pkg:pypi/tensorflow@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148481?format=api", "purl": "pkg:pypi/tensorflow@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.10.1" } ], "aliases": [ "GHSA-cqvq-fvhr-v6hc", "GMS-2022-6996", "GMS-2022-7004", "GMS-2022-7012" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e8a2-ny5z-73au" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102269?format=api", "vulnerability_id": "VCID-ekmw-8ekq-1bfq", "summary": "TensorFlow is an open source platform for machine learning. An input `sparse_matrix` that is not a matrix with a shape with rank 0 will trigger a `CHECK` fail in `tf.raw_ops.SparseMatrixNNZ`. We have patched the issue in GitHub commit f856d02e5322821aad155dad9b3acab1e9f5d693. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41901", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.52276", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.57725", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.57785", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.57777", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41901" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sparse/sparse_matrix.h", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sparse/sparse_matrix.h" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/f856d02e5322821aad155dad9b3acab1e9f5d693", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/f856d02e5322821aad155dad9b3acab1e9f5d693" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9fm-r5mm-rf9f", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9fm-r5mm-rf9f" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41901", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41901" }, { "reference_url": "https://github.com/advisories/GHSA-g9fm-r5mm-rf9f", "reference_id": "GHSA-g9fm-r5mm-rf9f", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g9fm-r5mm-rf9f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148479?format=api", "purl": "pkg:pypi/tensorflow@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148480?format=api", "purl": "pkg:pypi/tensorflow@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148481?format=api", "purl": "pkg:pypi/tensorflow@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.10.1" } ], "aliases": [ "CVE-2022-41901", "GHSA-g9fm-r5mm-rf9f" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ekmw-8ekq-1bfq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102261?format=api", "vulnerability_id": "VCID-eseh-ekjx-yffk", "summary": "TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListResize` is given a nonscalar value for input `size`, it results `CHECK` fail which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 888e34b49009a4e734c27ab0c43b0b5102682c56. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41893", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41205", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41255", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41286", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41282", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41893" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/list_kernels.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:13Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/list_kernels.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/888e34b49009a4e734c27ab0c43b0b5102682c56", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:13Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/888e34b49009a4e734c27ab0c43b0b5102682c56" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-67pf-62xr-q35m", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:13Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-67pf-62xr-q35m" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41893", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41893" }, { "reference_url": "https://github.com/advisories/GHSA-67pf-62xr-q35m", "reference_id": "GHSA-67pf-62xr-q35m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-67pf-62xr-q35m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148479?format=api", "purl": "pkg:pypi/tensorflow@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148480?format=api", "purl": "pkg:pypi/tensorflow@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148481?format=api", "purl": "pkg:pypi/tensorflow@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.10.1" } ], "aliases": [ "CVE-2022-41893", "GHSA-67pf-62xr-q35m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eseh-ekjx-yffk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102251?format=api", "vulnerability_id": "VCID-ghqz-dfeq-rygz", "summary": "TensorFlow is an open source platform for machine learning. If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. We have patched the issue in GitHub commit 2b56169c16e375c521a3bc8ea658811cc0793784. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41884", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32381", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32421", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32452", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35169", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41884" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/2b56169c16e375c521a3bc8ea658811cc0793784", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/2b56169c16e375c521a3bc8ea658811cc0793784" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jq6x-99hj-q636", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jq6x-99hj-q636" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41884", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41884" }, { "reference_url": "https://github.com/advisories/GHSA-jq6x-99hj-q636", "reference_id": "GHSA-jq6x-99hj-q636", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jq6x-99hj-q636" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148479?format=api", "purl": "pkg:pypi/tensorflow@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148480?format=api", "purl": "pkg:pypi/tensorflow@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148481?format=api", "purl": "pkg:pypi/tensorflow@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.10.1" } ], "aliases": [ "CVE-2022-41884", "GHSA-jq6x-99hj-q636" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ghqz-dfeq-rygz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102272?format=api", "vulnerability_id": "VCID-hm4p-s6xd-8uf5", "summary": "TensorFlow is an open source platform for machine learning. An input `token` that is not a UTF-8 bytestring will trigger a `CHECK` fail in `tf.raw_ops.PyFunc`. We have patched the issue in GitHub commit 9f03a9d3bafe902c1e6beb105b2f24172f238645. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41908", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.49113", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54738", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54806", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54796", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41908" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/lib/core/py_func.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/lib/core/py_func.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/9f03a9d3bafe902c1e6beb105b2f24172f238645", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/9f03a9d3bafe902c1e6beb105b2f24172f238645" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv77-9g28-cwg3", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv77-9g28-cwg3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41908", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41908" }, { "reference_url": "https://github.com/advisories/GHSA-mv77-9g28-cwg3", "reference_id": "GHSA-mv77-9g28-cwg3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mv77-9g28-cwg3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148479?format=api", "purl": "pkg:pypi/tensorflow@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148480?format=api", "purl": "pkg:pypi/tensorflow@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148481?format=api", "purl": "pkg:pypi/tensorflow@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.10.1" } ], "aliases": [ "CVE-2022-41908", "GHSA-mv77-9g28-cwg3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hm4p-s6xd-8uf5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102250?format=api", "vulnerability_id": "VCID-kp1j-7gv3-8uf4", "summary": "TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing number of inputs, the executor will crash. We have patched the issue in GitHub commit f5381e0e10b5a61344109c1b7c174c68110f7629. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41883", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.3985", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.39877", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.39873", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.39788", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41883" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/dynamic_stitch_op.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/dynamic_stitch_op.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ops/data_flow_ops.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ops/data_flow_ops.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/f5381e0e10b5a61344109c1b7c174c68110f7629", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/f5381e0e10b5a61344109c1b7c174c68110f7629" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-w58w-79xv-6vcj", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-w58w-79xv-6vcj" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41883", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41883" }, { "reference_url": "https://github.com/advisories/GHSA-w58w-79xv-6vcj", "reference_id": "GHSA-w58w-79xv-6vcj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w58w-79xv-6vcj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148481?format=api", "purl": "pkg:pypi/tensorflow@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.10.1" } ], "aliases": [ "CVE-2022-41883", "GHSA-w58w-79xv-6vcj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kp1j-7gv3-8uf4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/110102?format=api", "vulnerability_id": "VCID-kzhb-zzzm-ebe1", "summary": "`CHECK` fail in `TensorListScatter` and `TensorListScatterV2` in eager mode\n### Impact\nAnother instance of CVE-2022-35991, where `TensorListScatter` and `TensorListScatterV2` crash via non scalar inputs in`element_shape`, was found in eager mode and fixed.\n```python\nimport tensorflow as tf\narg_0=tf.random.uniform(shape=(2, 2, 2), dtype=tf.float16, maxval=None)\narg_1=tf.random.uniform(shape=(2, 2, 2), dtype=tf.int32, maxval=65536)\narg_2=tf.random.uniform(shape=(2, 2, 2), dtype=tf.int32, maxval=65536)\narg_3=''\ntf.raw_ops.TensorListScatter(tensor=arg_0, indices=arg_1, \nelement_shape=arg_2, name=arg_3)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [bf9932fc907aff0e9e8cccf769e8b00d30fd81a1](https://github.com/tensorflow/tensorflow/commit/bf9932fc907aff0e9e8cccf769e8b00d30fd81a1).\n\nThe fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Pattarakrit Rattankul", "references": [ { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xf83-q765-xm6m", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xf83-q765-xm6m" }, { "reference_url": "https://github.com/advisories/GHSA-xf83-q765-xm6m", "reference_id": "GHSA-xf83-q765-xm6m", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xf83-q765-xm6m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148479?format=api", "purl": "pkg:pypi/tensorflow@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148480?format=api", "purl": "pkg:pypi/tensorflow@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148481?format=api", "purl": "pkg:pypi/tensorflow@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.10.1" } ], "aliases": [ "GHSA-xf83-q765-xm6m", "GMS-2022-7001", "GMS-2022-7009", "GMS-2022-7017" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kzhb-zzzm-ebe1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102273?format=api", "vulnerability_id": "VCID-nn1z-3z62-5fby", "summary": "TensorFlow is an open source platform for machine learning. An input `encoded` that is not a valid `CompositeTensorVariant` tensor will trigger a segfault in `tf.raw_ops.CompositeTensorVariantToComponents`. We have patched the issue in GitHub commits bf594d08d377dc6a3354d9fdb494b32d45f91971 and 660ce5a89eb6766834bdc303d2ab3902aef99d3d. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41909", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60705", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00484", "scoring_system": "epss", "scoring_elements": "0.65613", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00484", "scoring_system": "epss", "scoring_elements": "0.65677", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00484", "scoring_system": "epss", "scoring_elements": "0.65666", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41909" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/lib/core/py_func.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/lib/core/py_func.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/660ce5a89eb6766834bdc303d2ab3902aef99d3d", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/660ce5a89eb6766834bdc303d2ab3902aef99d3d" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/bf594d08d377dc6a3354d9fdb494b32d45f91971", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/bf594d08d377dc6a3354d9fdb494b32d45f91971" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rjx6-v474-2ch9", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rjx6-v474-2ch9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41909", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41909" }, { "reference_url": "https://github.com/advisories/GHSA-rjx6-v474-2ch9", "reference_id": "GHSA-rjx6-v474-2ch9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rjx6-v474-2ch9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148479?format=api", "purl": "pkg:pypi/tensorflow@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148480?format=api", "purl": "pkg:pypi/tensorflow@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148481?format=api", "purl": "pkg:pypi/tensorflow@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.10.1" } ], "aliases": [ "CVE-2022-41909", "GHSA-rjx6-v474-2ch9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nn1z-3z62-5fby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102252?format=api", "vulnerability_id": "VCID-pw2j-ex1f-wkgd", "summary": "TensorFlow is an open source platform for machine learning. When `tf.raw_ops.FusedResizeAndPadConv2D` is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41885", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37623", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37809", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37807", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37715", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41885" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/conv_ops_fused_image_transform.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:36Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/conv_ops_fused_image_transform.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/d66e1d568275e6a2947de97dca7a102a211e01ce", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:36Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/d66e1d568275e6a2947de97dca7a102a211e01ce" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-762h-vpvw-3rcx", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:36Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-762h-vpvw-3rcx" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41885", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41885" }, { "reference_url": "https://github.com/advisories/GHSA-762h-vpvw-3rcx", "reference_id": "GHSA-762h-vpvw-3rcx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-762h-vpvw-3rcx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148471?format=api", "purl": "pkg:pypi/tensorflow@2.7.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cev9-9bnb-4udc" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.7.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/145394?format=api", "purl": "pkg:pypi/tensorflow@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cev9-9bnb-4udc" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145397?format=api", "purl": "pkg:pypi/tensorflow@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cev9-9bnb-4udc" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.9.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/148481?format=api", "purl": "pkg:pypi/tensorflow@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.10.1" } ], "aliases": [ "CVE-2022-41885", "GHSA-762h-vpvw-3rcx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pw2j-ex1f-wkgd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102275?format=api", "vulnerability_id": "VCID-rdtn-n88f-pqas", "summary": "TensorFlow is an open source platform for machine learning. When printing a tensor, we get it's data as a `const char*` array (since that's the underlying storage) and then we typecast it to the element type. However, conversions from `char` to `bool` are undefined if the `char` is not `0` or `1`, so sanitizers/fuzzers will crash. The issue has been patched in GitHub commit `1be74370327`. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.10.1, TensorFlow 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41911", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36427", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36492", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36529", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36521", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41911" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/807cae8a807960fd7ac2313cde73a11fc15e7942/tensorflow/core/framework/tensor.cc#L1200-L1227", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/807cae8a807960fd7ac2313cde73a11fc15e7942/tensorflow/core/framework/tensor.cc#L1200-L1227" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/1be743703279782a357adbf9b77dcb994fe8b508", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/1be743703279782a357adbf9b77dcb994fe8b508" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pf36-r9c6-h97j", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pf36-r9c6-h97j" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41911", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41911" }, { "reference_url": "https://github.com/advisories/GHSA-pf36-r9c6-h97j", "reference_id": "GHSA-pf36-r9c6-h97j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pf36-r9c6-h97j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148479?format=api", "purl": "pkg:pypi/tensorflow@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148480?format=api", "purl": "pkg:pypi/tensorflow@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148481?format=api", "purl": "pkg:pypi/tensorflow@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.10.1" } ], "aliases": [ "CVE-2022-41911", "GHSA-pf36-r9c6-h97j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rdtn-n88f-pqas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102256?format=api", "vulnerability_id": "VCID-rh99-4vre-gfde", "summary": "TensorFlow is an open source platform for machine learning. When running on GPU, `tf.image.generate_bounding_box_proposals` receives a `scores` input that must be of rank 4 but is not checked. We have patched the issue in GitHub commit cf35502463a88ca7185a99daa7031df60b3c1c98. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41888", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41399", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47464", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47531", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47528", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41888" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/generate_box_proposals_op.cu.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/generate_box_proposals_op.cu.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/cf35502463a88ca7185a99daa7031df60b3c1c98", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/cf35502463a88ca7185a99daa7031df60b3c1c98" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6x99-gv2v-q76v", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6x99-gv2v-q76v" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41888", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41888" }, { "reference_url": "https://github.com/advisories/GHSA-6x99-gv2v-q76v", "reference_id": "GHSA-6x99-gv2v-q76v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6x99-gv2v-q76v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148479?format=api", "purl": "pkg:pypi/tensorflow@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148480?format=api", "purl": "pkg:pypi/tensorflow@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148481?format=api", "purl": "pkg:pypi/tensorflow@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.10.1" } ], "aliases": [ "CVE-2022-41888", "GHSA-6x99-gv2v-q76v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rh99-4vre-gfde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102268?format=api", "vulnerability_id": "VCID-scvf-p5ff-c3df", "summary": "TensorFlow is an open source platform for machine learning. The security vulnerability results in FractionalMax(AVG)Pool with illegal pooling_ratio. Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or remote code execution. We have patched the issue in GitHub commit 216525144ee7c910296f5b05d214ca1327c9ce48. The fix will be included in TensorFlow 2.11.0. We will also cherry pick this commit on TensorFlow 2.10.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41900", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01207", "scoring_system": "epss", "scoring_elements": "0.79315", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01243", "scoring_system": "epss", "scoring_elements": "0.79613", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01243", "scoring_system": "epss", "scoring_elements": "0.79644", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01243", "scoring_system": "epss", "scoring_elements": "0.79639", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41900" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/216525144ee7c910296f5b05d214ca1327c9ce48", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/216525144ee7c910296f5b05d214ca1327c9ce48" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xvwp-h6jv-7472", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xvwp-h6jv-7472" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41900", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41900" }, { "reference_url": "https://github.com/advisories/GHSA-xvwp-h6jv-7472", "reference_id": "GHSA-xvwp-h6jv-7472", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xvwp-h6jv-7472" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148479?format=api", "purl": "pkg:pypi/tensorflow@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148480?format=api", "purl": "pkg:pypi/tensorflow@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148481?format=api", "purl": "pkg:pypi/tensorflow@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.10.1" } ], "aliases": [ "CVE-2022-41900", "GHSA-xvwp-h6jv-7472" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-scvf-p5ff-c3df" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102259?format=api", "vulnerability_id": "VCID-tuqw-n8ka-jfht", "summary": "TensorFlow is an open source platform for machine learning. If `BCast::ToShape` is given input larger than an `int32`, it will crash, despite being supposed to handle up to an `int64`. An example can be seen in `tf.experimental.numpy.outer` by passing in large input to the input `b`. We have patched the issue in GitHub commit 8310bf8dd188ff780e7fc53245058215a05bdbe5. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41890", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34307", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34384", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.3442", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34404", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41890" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/util/bcast.h", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:20Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/util/bcast.h" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/8310bf8dd188ff780e7fc53245058215a05bdbe5", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:20Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/8310bf8dd188ff780e7fc53245058215a05bdbe5" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h246-cgh4-7475", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:20Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h246-cgh4-7475" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41890", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41890" }, { "reference_url": "https://github.com/advisories/GHSA-h246-cgh4-7475", "reference_id": "GHSA-h246-cgh4-7475", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h246-cgh4-7475" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148479?format=api", "purl": "pkg:pypi/tensorflow@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148480?format=api", "purl": "pkg:pypi/tensorflow@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148481?format=api", "purl": "pkg:pypi/tensorflow@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.10.1" } ], "aliases": [ "CVE-2022-41890", "GHSA-h246-cgh4-7475" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tuqw-n8ka-jfht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102263?format=api", "vulnerability_id": "VCID-vxm3-72uk-zbb8", "summary": "TensorFlow is an open source platform for machine learning. If `MirrorPadGrad` is given outsize input `paddings`, TensorFlow will give a heap OOB error. We have patched the issue in GitHub commit 717ca98d8c3bba348ff62281fdf38dcb5ea1ec92. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41895", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35196", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35277", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35313", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35303", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41895" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/mirror_pad_op.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/mirror_pad_op.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/717ca98d8c3bba348ff62281fdf38dcb5ea1ec92", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/717ca98d8c3bba348ff62281fdf38dcb5ea1ec92" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gq2j-cr96-gvqx", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gq2j-cr96-gvqx" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41895", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41895" }, { "reference_url": "https://github.com/advisories/GHSA-gq2j-cr96-gvqx", "reference_id": "GHSA-gq2j-cr96-gvqx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gq2j-cr96-gvqx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148479?format=api", "purl": "pkg:pypi/tensorflow@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148480?format=api", "purl": "pkg:pypi/tensorflow@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148481?format=api", "purl": "pkg:pypi/tensorflow@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.10.1" } ], "aliases": [ "CVE-2022-41895", "GHSA-gq2j-cr96-gvqx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vxm3-72uk-zbb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102249?format=api", "vulnerability_id": "VCID-wdks-wa1n-ckhx", "summary": "TensorFlow is an open source platform for machine learning. When the `BaseCandidateSamplerOp` function receives a value in `true_classes` larger than `range_max`, a heap oob read occurs. We have patched the issue in GitHub commit b389f5c944cadfdfe599b3f1e4026e036f30d2d4. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41880", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36583", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36685", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36677", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00179", "scoring_system": "epss", "scoring_elements": "0.39276", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41880" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/candidate_sampler_ops.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:45Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/candidate_sampler_ops.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/b389f5c944cadfdfe599b3f1e4026e036f30d2d4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:45Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/b389f5c944cadfdfe599b3f1e4026e036f30d2d4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8w5g-3wcv-9g2j", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:45Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8w5g-3wcv-9g2j" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41880", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41880" }, { "reference_url": "https://github.com/advisories/GHSA-8w5g-3wcv-9g2j", "reference_id": "GHSA-8w5g-3wcv-9g2j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8w5g-3wcv-9g2j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148479?format=api", "purl": "pkg:pypi/tensorflow@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148480?format=api", "purl": "pkg:pypi/tensorflow@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148481?format=api", "purl": "pkg:pypi/tensorflow@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.10.1" } ], "aliases": [ "CVE-2022-41880", "GHSA-8w5g-3wcv-9g2j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wdks-wa1n-ckhx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102255?format=api", "vulnerability_id": "VCID-yrtd-47vc-muff", "summary": "TensorFlow is an open source platform for machine learning. `tf.keras.losses.poisson` receives a `y_pred` and `y_true` that are passed through `functor::mul` in `BinaryOp`. If the resulting dimensions overflow an `int32`, TensorFlow will crash due to a size mismatch during broadcast assignment. We have patched the issue in GitHub commit c5b30379ba87cbe774b08ac50c1f6d36df4ebb7c. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1 and 2.9.3, as these are also affected and still in supported range. However, we will not cherrypick this commit into TensorFlow 2.8.x, as it depends on Eigen behavior that changed between 2.8 and 2.9.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41887", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.3399", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34107", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34091", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36511", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41887" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/cwise_ops_common.h", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:29Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/cwise_ops_common.h" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/keras/losses.py", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:29Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/keras/losses.py" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/c5b30379ba87cbe774b08ac50c1f6d36df4ebb7c", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:29Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/c5b30379ba87cbe774b08ac50c1f6d36df4ebb7c" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8fvv-46hw-vpg3", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:29Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8fvv-46hw-vpg3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41887", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41887" }, { "reference_url": "https://github.com/advisories/GHSA-8fvv-46hw-vpg3", "reference_id": "GHSA-8fvv-46hw-vpg3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8fvv-46hw-vpg3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148480?format=api", "purl": "pkg:pypi/tensorflow@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148481?format=api", "purl": "pkg:pypi/tensorflow@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.10.1" } ], "aliases": [ "CVE-2022-41887", "GHSA-8fvv-46hw-vpg3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yrtd-47vc-muff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102266?format=api", "vulnerability_id": "VCID-yy9b-ymk2-5kea", "summary": "TensorFlow is an open source platform for machine learning. If `SparseFillEmptyRowsGrad` is given empty inputs, TensorFlow will crash. We have patched the issue in GitHub commit af4a6a3c8b95022c351edae94560acc61253a1b8. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41898", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35627", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40253", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40337", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40334", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41898" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sparse_fill_empty_rows_op_gpu.cu.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:56Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sparse_fill_empty_rows_op_gpu.cu.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/af4a6a3c8b95022c351edae94560acc61253a1b8", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:56Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/af4a6a3c8b95022c351edae94560acc61253a1b8" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hq7g-wwwp-q46h", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:56Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hq7g-wwwp-q46h" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41898", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41898" }, { "reference_url": "https://github.com/advisories/GHSA-hq7g-wwwp-q46h", "reference_id": "GHSA-hq7g-wwwp-q46h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hq7g-wwwp-q46h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148479?format=api", "purl": "pkg:pypi/tensorflow@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148480?format=api", "purl": "pkg:pypi/tensorflow@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148481?format=api", "purl": "pkg:pypi/tensorflow@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.10.1" } ], "aliases": [ "CVE-2022-41898", "GHSA-hq7g-wwwp-q46h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yy9b-ymk2-5kea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102264?format=api", "vulnerability_id": "VCID-zc2s-1rty-hyd9", "summary": "TensorFlow is an open source platform for machine learning. If `ThreadUnsafeUnigramCandidateSampler` is given input `filterbank_channel_count` greater than the allowed max size, TensorFlow will crash. We have patched the issue in GitHub commit 39ec7eaf1428e90c37787e5b3fbd68ebd3c48860. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41896", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35627", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40253", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40337", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40334", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41896" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/mirror_pad_op.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:05Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/mirror_pad_op.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/39ec7eaf1428e90c37787e5b3fbd68ebd3c48860", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:05Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/39ec7eaf1428e90c37787e5b3fbd68ebd3c48860" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rmg2-f698-wq35", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:05Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rmg2-f698-wq35" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41896", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41896" }, { "reference_url": "https://github.com/advisories/GHSA-rmg2-f698-wq35", "reference_id": "GHSA-rmg2-f698-wq35", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rmg2-f698-wq35" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148479?format=api", "purl": "pkg:pypi/tensorflow@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148480?format=api", "purl": "pkg:pypi/tensorflow@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148481?format=api", "purl": "pkg:pypi/tensorflow@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-jswv-zqu6-efee" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mkr8-shuu-1qhk" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.10.1" } ], "aliases": [ "CVE-2022-41896", "GHSA-rmg2-f698-wq35" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zc2s-1rty-hyd9" } ], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.10.1" }