Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/18955?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "type": "pypi", "namespace": "", "name": "tensorflow-cpu", "version": "2.6.3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.12.1", "latest_non_vulnerable_version": "2.12.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/172312?format=api", "vulnerability_id": "VCID-162b-e4ey-kfb6", "summary": "TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.8.4, 2.9.3, and 2.10.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41902", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53301", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53314", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53298", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53172", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41902" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/a65411a1d69edfb16b25907ffb8f73556ce36bb7", "reference_id": "a65411a1d69edfb16b25907ffb8f73556ce36bb7", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:46:08Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/a65411a1d69edfb16b25907ffb8f73556ce36bb7" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41902", "reference_id": "CVE-2022-41902", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41902" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221", "reference_id": "functions.cc#L221", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:46:08Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221" }, { "reference_url": "https://github.com/advisories/GHSA-cg88-rpvp-cjv5", "reference_id": "GHSA-cg88-rpvp-cjv5", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cg88-rpvp-cjv5" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cg88-rpvp-cjv5", "reference_id": "GHSA-cg88-rpvp-cjv5", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:46:08Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cg88-rpvp-cjv5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27947?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/27948?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/27946?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1" } ], "aliases": [ "CVE-2022-41902", "GHSA-cg88-rpvp-cjv5", "GMS-2022-6995", "GMS-2022-7003", "GMS-2022-7011" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-162b-e4ey-kfb6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15225?format=api", "vulnerability_id": "VCID-18pt-kr33-2yer", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25672", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28093", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28306", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28314", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.2829", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25672" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25672", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25672" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/980b22536abcbbe1b4a5642fc940af33d8c19b69", "reference_id": "980b22536abcbbe1b4a5642fc940af33d8c19b69", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:14:12Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/980b22536abcbbe1b4a5642fc940af33d8c19b69" }, { "reference_url": "https://github.com/advisories/GHSA-94mm-g2mv-8p7r", "reference_id": "GHSA-94mm-g2mv-8p7r", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-94mm-g2mv-8p7r" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-94mm-g2mv-8p7r", "reference_id": "GHSA-94mm-g2mv-8p7r", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:14:12Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-94mm-g2mv-8p7r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380770?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3f8t-3shh-4yd3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1" } ], "aliases": [ "CVE-2023-25672", "GHSA-94mm-g2mv-8p7r" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-18pt-kr33-2yer" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15218?format=api", "vulnerability_id": "VCID-1g5k-pk73-xuag", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25665", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31279", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31489", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31471", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25665" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25665", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25665" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/5e0ecfb42f5f65629fd7a4edd6c4afe7ff0feb04", "reference_id": "5e0ecfb42f5f65629fd7a4edd6c4afe7ff0feb04", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:30:58Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/5e0ecfb42f5f65629fd7a4edd6c4afe7ff0feb04" }, { "reference_url": "https://github.com/advisories/GHSA-558h-mq8x-7q9g", "reference_id": "GHSA-558h-mq8x-7q9g", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-558h-mq8x-7q9g" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-558h-mq8x-7q9g", "reference_id": "GHSA-558h-mq8x-7q9g", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:30:58Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-558h-mq8x-7q9g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380770?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3f8t-3shh-4yd3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1" } ], "aliases": [ "CVE-2023-25665", "GHSA-558h-mq8x-7q9g" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1g5k-pk73-xuag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/169244?format=api", "vulnerability_id": "VCID-26bq-kxgk-zba5", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.QuantizedConv2D` does not fully validate the input arguments. In this case, references get bound to `nullptr` for each argument that is empty. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29201", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17633", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17784", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17809", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17794", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29201" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/0f0b080ecde4d3dfec158d6f60da34d5e31693c4", "reference_id": "0f0b080ecde4d3dfec158d6f60da34d5e31693c4", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/0f0b080ecde4d3dfec158d6f60da34d5e31693c4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29201", "reference_id": "CVE-2022-29201", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29201" }, { "reference_url": "https://github.com/advisories/GHSA-pqhm-4wvf-2jg8", "reference_id": "GHSA-pqhm-4wvf-2jg8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pqhm-4wvf-2jg8" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pqhm-4wvf-2jg8", "reference_id": "GHSA-pqhm-4wvf-2jg8", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pqhm-4wvf-2jg8" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/quantized_conv_ops.cc", "reference_id": "quantized_conv_ops.cc", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/quantized_conv_ops.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "v2.6.4", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "v2.7.2", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "v2.8.1", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "v2.9.0", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23910?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" } ], "aliases": [ "CVE-2022-29201", "GHSA-pqhm-4wvf-2jg8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-26bq-kxgk-zba5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167080?format=api", "vulnerability_id": "VCID-2bhy-rya4-g3ag", "summary": "TensorFlow is an open source platform for machine learning. If `QuantizeAndDequantizeV3` is given a nonscalar `num_bits` input tensor, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit f3f9cb38ecfe5a8a703f2c4a8fead434ef291713. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36026", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33315", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33291", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33295", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33114", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36026" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36026", "reference_id": "CVE-2022-36026", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36026" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/f3f9cb38ecfe5a8a703f2c4a8fead434ef291713", "reference_id": "f3f9cb38ecfe5a8a703f2c4a8fead434ef291713", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:43Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/f3f9cb38ecfe5a8a703f2c4a8fead434ef291713" }, { "reference_url": "https://github.com/advisories/GHSA-9cr2-8pwr-fhfq", "reference_id": "GHSA-9cr2-8pwr-fhfq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9cr2-8pwr-fhfq" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9cr2-8pwr-fhfq", "reference_id": "GHSA-9cr2-8pwr-fhfq", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:43Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9cr2-8pwr-fhfq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-36026", "GHSA-9cr2-8pwr-fhfq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2bhy-rya4-g3ag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/169387?format=api", "vulnerability_id": "VCID-2gju-dx21-gban", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.UnsortedSegmentJoin` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `num_segments` is a scalar but there is no validation for this before accessing its value. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29197", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17705", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17855", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.1788", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17864", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29197" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/13d38a07ce9143e044aa737cfd7bb759d0e9b400", "reference_id": "13d38a07ce9143e044aa737cfd7bb759d0e9b400", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:19Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/13d38a07ce9143e044aa737cfd7bb759d0e9b400" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29197", "reference_id": "CVE-2022-29197", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29197" }, { "reference_url": "https://github.com/advisories/GHSA-hrg5-737c-2p56", "reference_id": "GHSA-hrg5-737c-2p56", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hrg5-737c-2p56" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hrg5-737c-2p56", "reference_id": "GHSA-hrg5-737c-2p56", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:19Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hrg5-737c-2p56" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/unsorted_segment_join_op.cc#L92-L95", "reference_id": "unsorted_segment_join_op.cc#L92-L95", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:19Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/unsorted_segment_join_op.cc#L92-L95" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "v2.6.4", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:19Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "v2.7.2", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:19Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "v2.8.1", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:19Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "v2.9.0", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:19Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23910?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" } ], "aliases": [ "CVE-2022-29197", "GHSA-hrg5-737c-2p56" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2gju-dx21-gban" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167486?format=api", "vulnerability_id": "VCID-2yfm-qasv-d7cm", "summary": "TensorFlow is an open source platform for machine learning. The implementation of `AvgPool3DGradOp` does not fully validate the input `orig_input_shape`. This results in an overflow that results in a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 9178ac9d6389bdc54638ab913ea0e419234d14eb. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35959", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20388", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20365", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20369", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20193", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35959" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/9178ac9d6389bdc54638ab913ea0e419234d14eb", "reference_id": "9178ac9d6389bdc54638ab913ea0e419234d14eb", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:58Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/9178ac9d6389bdc54638ab913ea0e419234d14eb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35959", "reference_id": "CVE-2022-35959", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35959" }, { "reference_url": "https://github.com/advisories/GHSA-wxjj-cgcx-r3vq", "reference_id": "GHSA-wxjj-cgcx-r3vq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wxjj-cgcx-r3vq" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wxjj-cgcx-r3vq", "reference_id": "GHSA-wxjj-cgcx-r3vq", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:58Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wxjj-cgcx-r3vq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-35959", "GHSA-wxjj-cgcx-r3vq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2yfm-qasv-d7cm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167767?format=api", "vulnerability_id": "VCID-35b9-hd8e-y3g9", "summary": "TensorFlow is an open source platform for machine learning. The implementation of tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by overflowing the number of elements in a tensor. This issue has been patched in GitHub commit 61f0f9b94df8c0411f0ad0ecc2fec2d3f3c33555. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35934", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12827", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12808", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12817", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12726", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35934" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/61f0f9b94df8c0411f0ad0ecc2fec2d3f3c33555", "reference_id": "61f0f9b94df8c0411f0ad0ecc2fec2d3f3c33555", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:20Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/61f0f9b94df8c0411f0ad0ecc2fec2d3f3c33555" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35934", "reference_id": "CVE-2022-35934", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35934" }, { "reference_url": "https://github.com/advisories/GHSA-f4w6-h4f5-wx45", "reference_id": "GHSA-f4w6-h4f5-wx45", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f4w6-h4f5-wx45" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f4w6-h4f5-wx45", "reference_id": "GHSA-f4w6-h4f5-wx45", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:20Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f4w6-h4f5-wx45" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-35934", "GHSA-f4w6-h4f5-wx45" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-35b9-hd8e-y3g9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/169227?format=api", "vulnerability_id": "VCID-3cnr-w5u6-fkf3", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.DeleteSessionTensor` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29194", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25648", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25846", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25864", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25847", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29194" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/cff267650c6a1b266e4b4500f69fbc49cdd773c5", "reference_id": "cff267650c6a1b266e4b4500f69fbc49cdd773c5", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/cff267650c6a1b266e4b4500f69fbc49cdd773c5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29194", "reference_id": "CVE-2022-29194", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29194" }, { "reference_url": "https://github.com/advisories/GHSA-h5g4-ppwx-48q2", "reference_id": "GHSA-h5g4-ppwx-48q2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h5g4-ppwx-48q2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h5g4-ppwx-48q2", "reference_id": "GHSA-h5g4-ppwx-48q2", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h5g4-ppwx-48q2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/session_ops.cc#L128-L144", "reference_id": "session_ops.cc#L128-L144", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/session_ops.cc#L128-L144" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "v2.6.4", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "v2.7.2", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "v2.8.1", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "v2.9.0", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23910?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" } ], "aliases": [ "CVE-2022-29194", "GHSA-h5g4-ppwx-48q2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3cnr-w5u6-fkf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/143965?format=api", "vulnerability_id": "VCID-3f8t-3shh-4yd3", "summary": "TensorFlow is an end-to-end open source platform for machine learning. `array_ops.upper_bound` causes a segfault when not given a rank 2 tensor. The fix will be included in TensorFlow 2.13 and will also cherrypick this commit on TensorFlow 2.12.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-33976", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.1131", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11277", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11319", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.1125", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-33976" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/6fa05df43b00038b048f4f0e51ef522da6532fec", "reference_id": "6fa05df43b00038b048f4f0e51ef522da6532fec", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T20:13:44Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/6fa05df43b00038b048f4f0e51ef522da6532fec" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/915884fdf5df34aaedd00fc6ace33a2cfdefa586", "reference_id": "915884fdf5df34aaedd00fc6ace33a2cfdefa586", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T20:13:44Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/915884fdf5df34aaedd00fc6ace33a2cfdefa586" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33976", "reference_id": "CVE-2023-33976", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33976" }, { "reference_url": "https://github.com/advisories/GHSA-gjh7-xx4r-x345", "reference_id": "GHSA-gjh7-xx4r-x345", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gjh7-xx4r-x345" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gjh7-xx4r-x345", "reference_id": "GHSA-gjh7-xx4r-x345", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T20:13:44Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gjh7-xx4r-x345" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32835?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.12.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.12.1" } ], "aliases": [ "CVE-2023-33976", "GHSA-gjh7-xx4r-x345" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3f8t-3shh-4yd3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211373?format=api", "vulnerability_id": "VCID-3kpb-9uen-27he", "summary": "TensorFlow vulnerable to `CHECK` fail in `TensorListScatter` and `TensorListScatterV2`", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35991", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.34917", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.34737", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.34915", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.34938", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35991" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/bb03fdf4aae944ab2e4b35c7daa051068a8b7f61", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/bb03fdf4aae944ab2e4b35c7daa051068a8b7f61" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35991", "reference_id": "CVE-2022-35991", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35991" }, { "reference_url": "https://github.com/advisories/GHSA-vm7x-4qhj-rrcq", "reference_id": "GHSA-vm7x-4qhj-rrcq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vm7x-4qhj-rrcq" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vm7x-4qhj-rrcq", "reference_id": "GHSA-vm7x-4qhj-rrcq", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vm7x-4qhj-rrcq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-35991", "GHSA-vm7x-4qhj-rrcq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3kpb-9uen-27he" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167768?format=api", "vulnerability_id": "VCID-3mne-q3yp-g7eg", "summary": "TensorFlow is an open source platform for machine learning. If `LowerBound` or `UpperBound` is given an empty`sorted_inputs` input, it results in a `nullptr` dereference, leading to a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bce3717eaef4f769019fd18e990464ca4a2efeea. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35965", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22862", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22842", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.2285", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22655", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35965" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/bce3717eaef4f769019fd18e990464ca4a2efeea", "reference_id": "bce3717eaef4f769019fd18e990464ca4a2efeea", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:50Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/bce3717eaef4f769019fd18e990464ca4a2efeea" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35965", "reference_id": "CVE-2022-35965", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35965" }, { "reference_url": "https://github.com/advisories/GHSA-qxpx-j395-pw36", "reference_id": "GHSA-qxpx-j395-pw36", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qxpx-j395-pw36" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qxpx-j395-pw36", "reference_id": "GHSA-qxpx-j395-pw36", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:50Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qxpx-j395-pw36" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-35965", "GHSA-qxpx-j395-pw36" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3mne-q3yp-g7eg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211367?format=api", "vulnerability_id": "VCID-3muc-6x8b-kfb7", "summary": "TensorFlow vulnerable to floating point exception in `Conv2D`", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35996", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20365", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20193", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20369", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20388", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35996" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/611d80db29dd7b0cfb755772c69d60ae5bca05f9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/611d80db29dd7b0cfb755772c69d60ae5bca05f9" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35996", "reference_id": "CVE-2022-35996", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35996" }, { "reference_url": "https://github.com/advisories/GHSA-q5jv-m6qw-5g37", "reference_id": "GHSA-q5jv-m6qw-5g37", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q5jv-m6qw-5g37" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q5jv-m6qw-5g37", "reference_id": "GHSA-q5jv-m6qw-5g37", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q5jv-m6qw-5g37" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-35996", "GHSA-q5jv-m6qw-5g37" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3muc-6x8b-kfb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167837?format=api", "vulnerability_id": "VCID-3p9b-eym8-jkfp", "summary": "TensorFlow is an open source platform for machine learning. The implementation of `FractionalAvgPoolGrad` does not fully validate the input `orig_input_tensor_shape`. This results in an overflow that results in a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 03a659d7be9a1154fdf5eeac221e5950fec07dad. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35963", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20388", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20365", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20369", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20193", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35963" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/03a659d7be9a1154fdf5eeac221e5950fec07dad", "reference_id": "03a659d7be9a1154fdf5eeac221e5950fec07dad", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/03a659d7be9a1154fdf5eeac221e5950fec07dad" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35963", "reference_id": "CVE-2022-35963", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35963" }, { "reference_url": "https://github.com/advisories/GHSA-84jm-4cf3-9jfm", "reference_id": "GHSA-84jm-4cf3-9jfm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-84jm-4cf3-9jfm" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-84jm-4cf3-9jfm", "reference_id": "GHSA-84jm-4cf3-9jfm", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-84jm-4cf3-9jfm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-35963", "GHSA-84jm-4cf3-9jfm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3p9b-eym8-jkfp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167567?format=api", "vulnerability_id": "VCID-3q2y-wpjf-5fe4", "summary": "TensorFlow is an open source platform for machine learning. When `tf.linalg.matrix_rank` receives an empty input `a`, the GPU kernel gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit c55b476aa0e0bd4ee99d0f3ad18d9d706cd1260a. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35988", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.2263", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.2261", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22616", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.2242", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35988" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/c55b476aa0e0bd4ee99d0f3ad18d9d706cd1260a", "reference_id": "c55b476aa0e0bd4ee99d0f3ad18d9d706cd1260a", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:11Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/c55b476aa0e0bd4ee99d0f3ad18d9d706cd1260a" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35988", "reference_id": "CVE-2022-35988", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35988" }, { "reference_url": "https://github.com/advisories/GHSA-9vqj-64pv-w55c", "reference_id": "GHSA-9vqj-64pv-w55c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9vqj-64pv-w55c" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9vqj-64pv-w55c", "reference_id": "GHSA-9vqj-64pv-w55c", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:11Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9vqj-64pv-w55c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-35988", "GHSA-9vqj-64pv-w55c" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3q2y-wpjf-5fe4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/172238?format=api", "vulnerability_id": "VCID-43qh-mkdk-8qdg", "summary": "TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ImageProjectiveTransformV2` is given a large output shape, it overflows. We have patched the issue in GitHub commit 8faa6ea692985dbe6ce10e1a3168e0bd60a723ba. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41886", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35488", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35504", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35482", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35303", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41886" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/8faa6ea692985dbe6ce10e1a3168e0bd60a723ba", "reference_id": "8faa6ea692985dbe6ce10e1a3168e0bd60a723ba", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/8faa6ea692985dbe6ce10e1a3168e0bd60a723ba" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41886", "reference_id": "CVE-2022-41886", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41886" }, { "reference_url": "https://github.com/advisories/GHSA-54pp-c6pp-7fpx", "reference_id": "GHSA-54pp-c6pp-7fpx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-54pp-c6pp-7fpx" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-54pp-c6pp-7fpx", "reference_id": "GHSA-54pp-c6pp-7fpx", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-54pp-c6pp-7fpx" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/image_ops.cc", "reference_id": "image_ops.cc", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/image_ops.cc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27947?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/27948?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/27946?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1" } ], "aliases": [ "CVE-2022-41886", "GHSA-54pp-c6pp-7fpx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-43qh-mkdk-8qdg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167708?format=api", "vulnerability_id": "VCID-44xr-jrtj-7kf9", "summary": "TensorFlow is an open source platform for machine learning. The `ScatterNd` function takes an input argument that determines the indices of of the output tensor. An input index greater than the output tensor or less than zero will either write content at the wrong index or trigger a crash. We have patched the issue in GitHub commit b4d4b4cb019bd7240a52daa4ba61e3cc814f0384. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35939", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00231", "scoring_system": "epss", "scoring_elements": "0.4625", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00231", "scoring_system": "epss", "scoring_elements": "0.46236", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00231", "scoring_system": "epss", "scoring_elements": "0.46242", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00231", "scoring_system": "epss", "scoring_elements": "0.46097", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35939" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/b4d4b4cb019bd7240a52daa4ba61e3cc814f0384", "reference_id": "b4d4b4cb019bd7240a52daa4ba61e3cc814f0384", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:11Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/b4d4b4cb019bd7240a52daa4ba61e3cc814f0384" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35939", "reference_id": "CVE-2022-35939", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35939" }, { "reference_url": "https://github.com/advisories/GHSA-ffjm-4qwc-7cmf", "reference_id": "GHSA-ffjm-4qwc-7cmf", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ffjm-4qwc-7cmf" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-ffjm-4qwc-7cmf", "reference_id": "GHSA-ffjm-4qwc-7cmf", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:11Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-ffjm-4qwc-7cmf" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/266558ac4c1f361e9a178ee9d3f0ce2e648ae499/tensorflow/lite/kernels/internal/reference/reference_ops.h#L659-L698", "reference_id": "reference_ops.h#L659-L698", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:11Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/266558ac4c1f361e9a178ee9d3f0ce2e648ae499/tensorflow/lite/kernels/internal/reference/reference_ops.h#L659-L698" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-35939", "GHSA-ffjm-4qwc-7cmf" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-44xr-jrtj-7kf9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167658?format=api", "vulnerability_id": "VCID-4r56-jkdr-6bg5", "summary": "TensorFlow is an open source platform for machine learning. If `LRNGrad` is given an `output_image` input tensor that is not 4-D, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bd90b3efab4ec958b228cd7cfe9125be1c0cf255. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35985", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20388", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20365", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20369", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20193", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35985" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/bd90b3efab4ec958b228cd7cfe9125be1c0cf255", "reference_id": "bd90b3efab4ec958b228cd7cfe9125be1c0cf255", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:00Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/bd90b3efab4ec958b228cd7cfe9125be1c0cf255" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35985", "reference_id": "CVE-2022-35985", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35985" }, { "reference_url": "https://github.com/advisories/GHSA-9942-r22v-78cp", "reference_id": "GHSA-9942-r22v-78cp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9942-r22v-78cp" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9942-r22v-78cp", "reference_id": "GHSA-9942-r22v-78cp", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:00Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9942-r22v-78cp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-35985", "GHSA-9942-r22v-78cp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4r56-jkdr-6bg5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167730?format=api", "vulnerability_id": "VCID-4ugk-p8g3-wudu", "summary": "TensorFlow is an open source platform for machine learning. If `Save` or `SaveSlices` is run over tensors of an unsupported `dtype`, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 5dd7b86b84a864b834c6fa3d7f9f51c87efa99d4. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35983", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20388", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20365", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20369", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20193", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35983" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/5dd7b86b84a864b834c6fa3d7f9f51c87efa99d4", "reference_id": "5dd7b86b84a864b834c6fa3d7f9f51c87efa99d4", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/5dd7b86b84a864b834c6fa3d7f9f51c87efa99d4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35983", "reference_id": "CVE-2022-35983", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35983" }, { "reference_url": "https://github.com/advisories/GHSA-m6vp-8q9j-whx4", "reference_id": "GHSA-m6vp-8q9j-whx4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m6vp-8q9j-whx4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m6vp-8q9j-whx4", "reference_id": "GHSA-m6vp-8q9j-whx4", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m6vp-8q9j-whx4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-35983", "GHSA-m6vp-8q9j-whx4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4ugk-p8g3-wudu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167563?format=api", "vulnerability_id": "VCID-4y1h-6kgt-s7eq", "summary": "TensorFlow is an open source platform for machine learning. If `QuantizedAdd` is given `min_input` or `max_input` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 49b3824d83af706df0ad07e4e677d88659756d89. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35967", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20388", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20365", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20369", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20193", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35967" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/49b3824d83af706df0ad07e4e677d88659756d89", "reference_id": "49b3824d83af706df0ad07e4e677d88659756d89", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:44Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/49b3824d83af706df0ad07e4e677d88659756d89" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35967", "reference_id": "CVE-2022-35967", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35967" }, { "reference_url": "https://github.com/advisories/GHSA-v6h3-348g-6h5x", "reference_id": "GHSA-v6h3-348g-6h5x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v6h3-348g-6h5x" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v6h3-348g-6h5x", "reference_id": "GHSA-v6h3-348g-6h5x", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:44Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v6h3-348g-6h5x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-35967", "GHSA-v6h3-348g-6h5x" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4y1h-6kgt-s7eq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167126?format=api", "vulnerability_id": "VCID-4yvv-9g6x-efgz", "summary": "TensorFlow is an open source platform for machine learning. If `FakeQuantWithMinMaxVarsPerChannel` is given `min` or `max` tensors of a rank other than one, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36019", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33295", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33291", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33315", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33114", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36019" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0", "reference_id": "785d67a78a1d533759fcd2f5e8d6ef778de849e0", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:49Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36019", "reference_id": "CVE-2022-36019", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36019" }, { "reference_url": "https://github.com/advisories/GHSA-9j4v-pp28-mxv7", "reference_id": "GHSA-9j4v-pp28-mxv7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9j4v-pp28-mxv7" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9j4v-pp28-mxv7", "reference_id": "GHSA-9j4v-pp28-mxv7", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:49Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9j4v-pp28-mxv7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-36019", "GHSA-9j4v-pp28-mxv7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4yvv-9g6x-efgz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211524?format=api", "vulnerability_id": "VCID-5gxh-jraz-qqgt", "summary": "`CHECK_EQ` fail via input in `SparseMatrixNNZ`", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41901", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.52459", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.52336", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.52478", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.52465", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41901" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sparse/sparse_matrix.h", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sparse/sparse_matrix.h" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/f856d02e5322821aad155dad9b3acab1e9f5d693", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/f856d02e5322821aad155dad9b3acab1e9f5d693" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41901", "reference_id": "CVE-2022-41901", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41901" }, { "reference_url": "https://github.com/advisories/GHSA-g9fm-r5mm-rf9f", "reference_id": "GHSA-g9fm-r5mm-rf9f", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g9fm-r5mm-rf9f" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9fm-r5mm-rf9f", "reference_id": "GHSA-g9fm-r5mm-rf9f", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9fm-r5mm-rf9f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27947?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/27948?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/27946?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1" } ], "aliases": [ "CVE-2022-41901", "GHSA-g9fm-r5mm-rf9f" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5gxh-jraz-qqgt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211358?format=api", "vulnerability_id": "VCID-6bnz-371j-guax", "summary": "TensorFlow vulnerable to `CHECK` fail in `AudioSummaryV2`", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35995", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20365", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20193", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20369", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20388", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35995" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/bf6b45244992e2ee543c258e519489659c99fb7f", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/bf6b45244992e2ee543c258e519489659c99fb7f" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35995", "reference_id": "CVE-2022-35995", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35995" }, { "reference_url": "https://github.com/advisories/GHSA-g9h5-vr8m-x2h4", "reference_id": "GHSA-g9h5-vr8m-x2h4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g9h5-vr8m-x2h4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9h5-vr8m-x2h4", "reference_id": "GHSA-g9h5-vr8m-x2h4", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9h5-vr8m-x2h4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-35995", "GHSA-g9h5-vr8m-x2h4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6bnz-371j-guax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/172210?format=api", "vulnerability_id": "VCID-6d3g-yrc1-skgp", "summary": "TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListConcat` is given `element_shape=[]`, it results segmentation fault which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit fc33f3dc4c14051a83eec6535b608abe1d355fde. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41891", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35838", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35854", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35831", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35651", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41891" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41891", "reference_id": "CVE-2022-41891", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41891" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/fc33f3dc4c14051a83eec6535b608abe1d355fde", "reference_id": "fc33f3dc4c14051a83eec6535b608abe1d355fde", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:16Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/fc33f3dc4c14051a83eec6535b608abe1d355fde" }, { "reference_url": "https://github.com/advisories/GHSA-66vq-54fq-6jvv", "reference_id": "GHSA-66vq-54fq-6jvv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-66vq-54fq-6jvv" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-66vq-54fq-6jvv", "reference_id": "GHSA-66vq-54fq-6jvv", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:16Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-66vq-54fq-6jvv" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/list_kernels.h", "reference_id": "list_kernels.h", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:16Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/list_kernels.h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27947?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/27948?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/27946?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1" } ], "aliases": [ "CVE-2022-41891", "GHSA-66vq-54fq-6jvv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6d3g-yrc1-skgp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15222?format=api", "vulnerability_id": "VCID-6d4y-v122-pffp", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25669", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42894", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.43062", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.43072", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.43053", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25669" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25669", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25669" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/1295ae4dbb52fe06b19733b0257e2340d7b63b8d", "reference_id": "1295ae4dbb52fe06b19733b0257e2340d7b63b8d", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:33:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/1295ae4dbb52fe06b19733b0257e2340d7b63b8d" }, { "reference_url": "https://github.com/advisories/GHSA-rcf8-g8jv-vg6p", "reference_id": "GHSA-rcf8-g8jv-vg6p", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rcf8-g8jv-vg6p" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rcf8-g8jv-vg6p", "reference_id": "GHSA-rcf8-g8jv-vg6p", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:33:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rcf8-g8jv-vg6p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380770?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3f8t-3shh-4yd3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1" } ], "aliases": [ "CVE-2023-25669", "GHSA-rcf8-g8jv-vg6p" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6d4y-v122-pffp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15233?format=api", "vulnerability_id": "VCID-6ujk-5hn7-g7dj", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25801", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25161", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25361", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25376", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25359", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25801" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25801", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25801" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/ee50d1e00f81f62a4517453f721c634bbb478307", "reference_id": "ee50d1e00f81f62a4517453f721c634bbb478307", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T20:44:21Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/ee50d1e00f81f62a4517453f721c634bbb478307" }, { "reference_url": "https://github.com/advisories/GHSA-f49c-87jh-g47q", "reference_id": "GHSA-f49c-87jh-g47q", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f49c-87jh-g47q" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f49c-87jh-g47q", "reference_id": "GHSA-f49c-87jh-g47q", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T20:44:21Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f49c-87jh-g47q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380770?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3f8t-3shh-4yd3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1" } ], "aliases": [ "CVE-2023-25801", "GHSA-f49c-87jh-g47q" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6ujk-5hn7-g7dj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211359?format=api", "vulnerability_id": "VCID-774w-x7x9-8kdb", "summary": "TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVarsGradient`", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36005", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.3494", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.35119", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.35118", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.35142", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36005" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36005", "reference_id": "CVE-2022-36005", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36005" }, { "reference_url": "https://github.com/advisories/GHSA-r26c-679w-mrjm", "reference_id": "GHSA-r26c-679w-mrjm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r26c-679w-mrjm" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-r26c-679w-mrjm", "reference_id": "GHSA-r26c-679w-mrjm", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-r26c-679w-mrjm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-36005", "GHSA-r26c-679w-mrjm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-774w-x7x9-8kdb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/169321?format=api", "vulnerability_id": "VCID-7jnw-mvw8-qbcw", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the `tf.compat.v1.signal.rfft2d` and `tf.compat.v1.signal.rfft3d` lack input validation and under certain condition can result in crashes (due to `CHECK`-failures). Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29213", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28258", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.2847", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28479", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28455", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29213" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/0a8a781e597b18ead006d19b7d23d0a369e9ad73", "reference_id": "0a8a781e597b18ead006d19b7d23d0a369e9ad73", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:18Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/0a8a781e597b18ead006d19b7d23d0a369e9ad73" }, { "reference_url": "https://github.com/tensorflow/tensorflow/issues/55263", "reference_id": "55263", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:18Z/" } ], "url": "https://github.com/tensorflow/tensorflow/issues/55263" }, { "reference_url": "https://github.com/tensorflow/tensorflow/pull/55274", "reference_id": "55274", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:18Z/" } ], "url": "https://github.com/tensorflow/tensorflow/pull/55274" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29213", "reference_id": "CVE-2022-29213", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29213" }, { "reference_url": "https://github.com/advisories/GHSA-5889-7v45-q28m", "reference_id": "GHSA-5889-7v45-q28m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5889-7v45-q28m" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5889-7v45-q28m", "reference_id": "GHSA-5889-7v45-q28m", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:18Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5889-7v45-q28m" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "v2.6.4", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:18Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "v2.7.2", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:18Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "v2.8.1", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:18Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "v2.9.0", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:18Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23910?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" } ], "aliases": [ "CVE-2022-29213", "GHSA-5889-7v45-q28m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7jnw-mvw8-qbcw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167776?format=api", "vulnerability_id": "VCID-7wvn-8q7d-rygt", "summary": "TensorFlow is an open source platform for machine learning. The implementation of `AvgPoolGrad` does not fully validate the input `orig_input_shape`. This results in a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 3a6ac52664c6c095aa2b114e742b0aa17fdce78f. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35968", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21815", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21801", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21828", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21627", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35968" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/3a6ac52664c6c095aa2b114e742b0aa17fdce78f", "reference_id": "3a6ac52664c6c095aa2b114e742b0aa17fdce78f", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/3a6ac52664c6c095aa2b114e742b0aa17fdce78f" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35968", "reference_id": "CVE-2022-35968", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35968" }, { "reference_url": "https://github.com/advisories/GHSA-2475-53vw-vp25", "reference_id": "GHSA-2475-53vw-vp25", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2475-53vw-vp25" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2475-53vw-vp25", "reference_id": "GHSA-2475-53vw-vp25", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2475-53vw-vp25" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-35968", "GHSA-2475-53vw-vp25" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7wvn-8q7d-rygt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211363?format=api", "vulnerability_id": "VCID-7yn3-qktg-17fv", "summary": "TensorFlow vulnerable to null-dereference in `mlir::tfg::GraphDefImporter::ConvertNodeDef`", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36013", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.45126", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44962", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.45112", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.45114", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36013" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ir/importexport/graphdef_import.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ir/importexport/graphdef_import.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/a0f0b9a21c9270930457095092f558fbad4c03e5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/a0f0b9a21c9270930457095092f558fbad4c03e5" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36013", "reference_id": "CVE-2022-36013", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36013" }, { "reference_url": "https://github.com/advisories/GHSA-828c-5j5q-vrjq", "reference_id": "GHSA-828c-5j5q-vrjq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-828c-5j5q-vrjq" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-828c-5j5q-vrjq", "reference_id": "GHSA-828c-5j5q-vrjq", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-828c-5j5q-vrjq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-36013", "GHSA-828c-5j5q-vrjq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7yn3-qktg-17fv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167748?format=api", "vulnerability_id": "VCID-86qh-ufqm-subt", "summary": "TensorFlow is an open source platform for machine learning. The `UnbatchGradOp` function takes an argument `id` that is assumed to be a scalar. A nonscalar `id` can trigger a `CHECK` failure and crash the program. It also requires its argument `batch_index` to contain three times the number of elements as indicated in its `batch_index.dim_size(0)`. An incorrect `batch_index` can trigger a `CHECK` failure and crash the program. We have patched the issue in GitHub commit 5f945fc6409a3c1e90d6970c9292f805f6e6ddf2. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35952", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44753", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44766", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44749", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44597", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35952" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/5f945fc6409a3c1e90d6970c9292f805f6e6ddf2", "reference_id": "5f945fc6409a3c1e90d6970c9292f805f6e6ddf2", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:01Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/5f945fc6409a3c1e90d6970c9292f805f6e6ddf2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/769eddaf479c8debead9a59a72617d6ed6f0fe10/tensorflow/core/kernels/batch_kernels.cc#L891", "reference_id": "batch_kernels.cc#L891", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:01Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/769eddaf479c8debead9a59a72617d6ed6f0fe10/tensorflow/core/kernels/batch_kernels.cc#L891" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35952", "reference_id": "CVE-2022-35952", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35952" }, { "reference_url": "https://github.com/advisories/GHSA-h5vq-gw2c-pq47", "reference_id": "GHSA-h5vq-gw2c-pq47", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h5vq-gw2c-pq47" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h5vq-gw2c-pq47", "reference_id": "GHSA-h5vq-gw2c-pq47", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:01Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h5vq-gw2c-pq47" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-35952", "GHSA-h5vq-gw2c-pq47" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-86qh-ufqm-subt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211350?format=api", "vulnerability_id": "VCID-89g9-7u28-s3hw", "summary": "TensorFlow vulnerable to `CHECK` fail in `tf.sparse.cross`", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35997", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14963", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14875", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14996", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14994", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35997" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/83dcb4dbfa094e33db084e97c4d0531a559e0ebf", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/83dcb4dbfa094e33db084e97c4d0531a559e0ebf" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35997", "reference_id": "CVE-2022-35997", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35997" }, { "reference_url": "https://github.com/advisories/GHSA-p7hr-f446-x6qf", "reference_id": "GHSA-p7hr-f446-x6qf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p7hr-f446-x6qf" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p7hr-f446-x6qf", "reference_id": "GHSA-p7hr-f446-x6qf", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p7hr-f446-x6qf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-35997", "GHSA-p7hr-f446-x6qf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-89g9-7u28-s3hw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/210670?format=api", "vulnerability_id": "VCID-8h18-74sq-9uf1", "summary": "`CHECK` failure in depthwise ops via overflows", "references": [ { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/3796cc4fcd93ae55812a457abc96dcd55fbb854b", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/3796cc4fcd93ae55812a457abc96dcd55fbb854b" }, { "reference_url": "https://github.com/advisories/GHSA-mw6j-hh29-h379", "reference_id": "GHSA-mw6j-hh29-h379", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mw6j-hh29-h379" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mw6j-hh29-h379", "reference_id": "GHSA-mw6j-hh29-h379", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mw6j-hh29-h379" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23910?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" } ], "aliases": [ "GHSA-mw6j-hh29-h379", "GMS-2022-1528", "GMS-2022-1532", "GMS-2022-1536" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8h18-74sq-9uf1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167571?format=api", "vulnerability_id": "VCID-8kp4-8t2v-rkfn", "summary": "TensorFlow is an open source platform for machine learning. If `QuantizeDownAndShrinkRange` is given nonscalar inputs for `input_min` or `input_max`, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 73ad1815ebcfeb7c051f9c2f7ab5024380ca8613. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35974", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20388", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20365", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20369", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20193", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35974" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/73ad1815ebcfeb7c051f9c2f7ab5024380ca8613", "reference_id": "73ad1815ebcfeb7c051f9c2f7ab5024380ca8613", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/73ad1815ebcfeb7c051f9c2f7ab5024380ca8613" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35974", "reference_id": "CVE-2022-35974", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35974" }, { "reference_url": "https://github.com/advisories/GHSA-vgvh-2pf4-jr2x", "reference_id": "GHSA-vgvh-2pf4-jr2x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vgvh-2pf4-jr2x" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vgvh-2pf4-jr2x", "reference_id": "GHSA-vgvh-2pf4-jr2x", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vgvh-2pf4-jr2x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-35974", "GHSA-vgvh-2pf4-jr2x" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8kp4-8t2v-rkfn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/172267?format=api", "vulnerability_id": "VCID-8mbh-74v8-57bn", "summary": "TensorFlow is an open source platform for machine learning. If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a `nullptr`, which is not caught. An example can be seen in `tf.compat.v1.extract_volume_patches` by passing in quantized tensors as input `ksizes`. We have patched the issue in GitHub commit e9e95553e5411834d215e6770c81a83a3d0866ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41889", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.3126", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31278", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31264", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31069", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41889" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41889", "reference_id": "CVE-2022-41889", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41889" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/e9e95553e5411834d215e6770c81a83a3d0866ce", "reference_id": "e9e95553e5411834d215e6770c81a83a3d0866ce", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:23Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/e9e95553e5411834d215e6770c81a83a3d0866ce" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/generate_box_proposals_op.cu.cc", "reference_id": "generate_box_proposals_op.cu.cc", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:23Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/generate_box_proposals_op.cu.cc" }, { "reference_url": "https://github.com/advisories/GHSA-xxcj-rhqg-m46g", "reference_id": "GHSA-xxcj-rhqg-m46g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xxcj-rhqg-m46g" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xxcj-rhqg-m46g", "reference_id": "GHSA-xxcj-rhqg-m46g", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:23Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xxcj-rhqg-m46g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27947?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/27948?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/27946?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1" } ], "aliases": [ "CVE-2022-41889", "GHSA-xxcj-rhqg-m46g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8mbh-74v8-57bn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167609?format=api", "vulnerability_id": "VCID-8sbz-f5av-gkgh", "summary": "TensorFlow is an open source platform for machine learning. If `SparseBincount` is given inputs for `indices`, `values`, and `dense_shape` that do not make a valid sparse tensor, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 40adbe4dd15b582b0210dfbf40c243a62f5119fa. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35982", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20388", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20365", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20369", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20193", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35982" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/40adbe4dd15b582b0210dfbf40c243a62f5119fa", "reference_id": "40adbe4dd15b582b0210dfbf40c243a62f5119fa", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:14Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/40adbe4dd15b582b0210dfbf40c243a62f5119fa" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35982", "reference_id": "CVE-2022-35982", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35982" }, { "reference_url": "https://github.com/advisories/GHSA-397c-5g2j-qxpv", "reference_id": "GHSA-397c-5g2j-qxpv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-397c-5g2j-qxpv" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-397c-5g2j-qxpv", "reference_id": "GHSA-397c-5g2j-qxpv", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:14Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-397c-5g2j-qxpv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-35982", "GHSA-397c-5g2j-qxpv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8sbz-f5av-gkgh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/169277?format=api", "vulnerability_id": "VCID-8w84-59y3-6qgd", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.LoadAndRemapMatrix does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `initializing_values` is a vector but there is no validation for this before accessing its value. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29199", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17633", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17784", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17809", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17794", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29199" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/3150642acbbe254e3c3c5d2232143fa591855ac9", "reference_id": "3150642acbbe254e3c3c5d2232143fa591855ac9", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:29Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/3150642acbbe254e3c3c5d2232143fa591855ac9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29199", "reference_id": "CVE-2022-29199", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29199" }, { "reference_url": "https://github.com/advisories/GHSA-p9rc-rmr5-529j", "reference_id": "GHSA-p9rc-rmr5-529j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p9rc-rmr5-529j" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p9rc-rmr5-529j", "reference_id": "GHSA-p9rc-rmr5-529j", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:29Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p9rc-rmr5-529j" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/load_and_remap_matrix_op.cc#L70-L98", "reference_id": "load_and_remap_matrix_op.cc#L70-L98", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:29Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/load_and_remap_matrix_op.cc#L70-L98" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "v2.6.4", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:29Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "v2.7.2", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:29Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "v2.8.1", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:29Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "v2.9.0", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:29Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23910?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" } ], "aliases": [ "CVE-2022-29199", "GHSA-p9rc-rmr5-529j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8w84-59y3-6qgd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/169243?format=api", "vulnerability_id": "VCID-8ygv-ub5q-tug5", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SpaceToBatchND` (in all backends such as XLA and handwritten kernels) is vulnerable to an integer overflow: The result of this integer overflow is used to allocate the output tensor, hence we get a denial of service via a `CHECK`-failure (assertion failure), as in TFSA-2021-198. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29203", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17854", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.18004", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.18028", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.18014", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29203" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/acd56b8bcb72b163c834ae4f18469047b001fadf", "reference_id": "acd56b8bcb72b163c834ae4f18469047b001fadf", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:42Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/acd56b8bcb72b163c834ae4f18469047b001fadf" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29203", "reference_id": "CVE-2022-29203", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29203" }, { "reference_url": "https://github.com/advisories/GHSA-jjm6-4vf7-cjh4", "reference_id": "GHSA-jjm6-4vf7-cjh4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jjm6-4vf7-cjh4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jjm6-4vf7-cjh4", "reference_id": "GHSA-jjm6-4vf7-cjh4", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:42Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jjm6-4vf7-cjh4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md", "reference_id": "tfsa-2021-198.md", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:42Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "v2.6.4", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:42Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "v2.7.2", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:42Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "v2.8.1", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:42Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "v2.9.0", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:42Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23910?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" } ], "aliases": [ "CVE-2022-29203", "GHSA-jjm6-4vf7-cjh4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8ygv-ub5q-tug5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/169221?format=api", "vulnerability_id": "VCID-93t7-y91d-2fds", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.Conv3DBackpropFilterV2` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code does not validate that the `filter_sizes` argument is a vector. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29196", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17705", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17855", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.1788", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17864", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29196" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/174c5096f303d5be7ed2ca2662b08371bff4ab88", "reference_id": "174c5096f303d5be7ed2ca2662b08371bff4ab88", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:23Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/174c5096f303d5be7ed2ca2662b08371bff4ab88" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/conv_grad_ops_3d.cc", "reference_id": "conv_grad_ops_3d.cc", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:23Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/conv_grad_ops_3d.cc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29196", "reference_id": "CVE-2022-29196", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29196" }, { "reference_url": "https://github.com/advisories/GHSA-5v77-j66x-4c4g", "reference_id": "GHSA-5v77-j66x-4c4g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5v77-j66x-4c4g" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5v77-j66x-4c4g", "reference_id": "GHSA-5v77-j66x-4c4g", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:23Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5v77-j66x-4c4g" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "v2.6.4", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:23Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "v2.7.2", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:23Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "v2.8.1", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:23Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "v2.9.0", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:23Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23910?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" } ], "aliases": [ "CVE-2022-29196", "GHSA-5v77-j66x-4c4g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-93t7-y91d-2fds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/169381?format=api", "vulnerability_id": "VCID-9egf-vt4b-mkfe", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.ragged.constant` does not fully validate the input arguments. This results in a denial of service by consuming all available memory. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29202", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20339", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20514", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20538", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20517", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29202" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/issues/55199", "reference_id": "55199", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/issues/55199" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/bd4d5583ff9c8df26d47a23e508208844297310e", "reference_id": "bd4d5583ff9c8df26d47a23e508208844297310e", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/bd4d5583ff9c8df26d47a23e508208844297310e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29202", "reference_id": "CVE-2022-29202", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29202" }, { "reference_url": "https://github.com/advisories/GHSA-cwpm-f78v-7m5c", "reference_id": "GHSA-cwpm-f78v-7m5c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cwpm-f78v-7m5c" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cwpm-f78v-7m5c", "reference_id": "GHSA-cwpm-f78v-7m5c", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cwpm-f78v-7m5c" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/ops/ragged/ragged_factory_ops.py#L146-L239", "reference_id": "ragged_factory_ops.py#L146-L239", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/ops/ragged/ragged_factory_ops.py#L146-L239" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "v2.6.4", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "v2.7.2", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "v2.8.1", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "v2.9.0", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23910?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" } ], "aliases": [ "CVE-2022-29202", "GHSA-cwpm-f78v-7m5c" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9egf-vt4b-mkfe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211361?format=api", "vulnerability_id": "VCID-9f7c-q4z8-akd7", "summary": "TensorFlow vulnerable to `CHECK` fail in `RandomPoissonV2`", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36003", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33291", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33114", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33295", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33315", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36003" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/552bfced6ce4809db5f3ca305f60ff80dd40c5a3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/552bfced6ce4809db5f3ca305f60ff80dd40c5a3" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36003", "reference_id": "CVE-2022-36003", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36003" }, { "reference_url": "https://github.com/advisories/GHSA-cv2p-32v3-vhwq", "reference_id": "GHSA-cv2p-32v3-vhwq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cv2p-32v3-vhwq" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cv2p-32v3-vhwq", "reference_id": "GHSA-cv2p-32v3-vhwq", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cv2p-32v3-vhwq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-36003", "GHSA-cv2p-32v3-vhwq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9f7c-q4z8-akd7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15212?format=api", "vulnerability_id": "VCID-aq4b-cxh4-pqgy", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25658", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.1702", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.17161", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.17188", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.17176", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25658" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25658", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25658" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/ff459137c2716a2a60f7d441b855fcb466d778cb", "reference_id": "ff459137c2716a2a60f7d441b855fcb466d778cb", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:13:25Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/ff459137c2716a2a60f7d441b855fcb466d778cb" }, { "reference_url": "https://github.com/advisories/GHSA-68v3-g9cm-rmm6", "reference_id": "GHSA-68v3-g9cm-rmm6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-68v3-g9cm-rmm6" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-68v3-g9cm-rmm6", "reference_id": "GHSA-68v3-g9cm-rmm6", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:13:25Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-68v3-g9cm-rmm6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380770?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3f8t-3shh-4yd3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1" } ], "aliases": [ "CVE-2023-25658", "GHSA-68v3-g9cm-rmm6" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aq4b-cxh4-pqgy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/169229?format=api", "vulnerability_id": "VCID-bd7h-dc5y-ybhx", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.UnsortedSegmentJoin` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `num_segments` is a positive scalar but there is no validation. Since this value is used to allocate the output tensor, a negative value would result in a `CHECK`-failure (assertion failure), as per TFSA-2021-198. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29204", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19636", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19805", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19829", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19811", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29204" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/20cb18724b0bf6c09071a3f53434c4eec53cc147", "reference_id": "20cb18724b0bf6c09071a3f53434c4eec53cc147", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/20cb18724b0bf6c09071a3f53434c4eec53cc147" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/84563f265f28b3c36a15335c8b005d405260e943", "reference_id": "84563f265f28b3c36a15335c8b005d405260e943", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/84563f265f28b3c36a15335c8b005d405260e943" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29204", "reference_id": "CVE-2022-29204", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29204" }, { "reference_url": "https://github.com/advisories/GHSA-hx9q-2mx4-m4pg", "reference_id": "GHSA-hx9q-2mx4-m4pg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hx9q-2mx4-m4pg" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hx9q-2mx4-m4pg", "reference_id": "GHSA-hx9q-2mx4-m4pg", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hx9q-2mx4-m4pg" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md", "reference_id": "tfsa-2021-198.md", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/unsorted_segment_join_op.cc#L83-L14", "reference_id": "unsorted_segment_join_op.cc#L83-L14", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/unsorted_segment_join_op.cc#L83-L14" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "v2.6.4", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "v2.7.2", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "v2.8.1", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "v2.9.0", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23910?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" } ], "aliases": [ "CVE-2022-29204", "GHSA-hx9q-2mx4-m4pg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bd7h-dc5y-ybhx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167777?format=api", "vulnerability_id": "VCID-bgms-c956-q3cv", "summary": "TensorFlow is an open source platform for machine learning. The `RaggedRangOp` function takes an argument `limits` that is eventually used to construct a `TensorShape` as an `int64`. If `limits` is a very large float, it can overflow when converted to an `int64`. This triggers an `InvalidArgument` but also throws an abort signal that crashes the program. We have patched the issue in GitHub commit 37cefa91bee4eace55715eeef43720b958a01192. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35940", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.41026", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.41038", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.41016", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40849", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35940" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/37cefa91bee4eace55715eeef43720b958a01192", "reference_id": "37cefa91bee4eace55715eeef43720b958a01192", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:04Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/37cefa91bee4eace55715eeef43720b958a01192" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35940", "reference_id": "CVE-2022-35940", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35940" }, { "reference_url": "https://github.com/advisories/GHSA-x989-q2pq-4q5x", "reference_id": "GHSA-x989-q2pq-4q5x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x989-q2pq-4q5x" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x989-q2pq-4q5x", "reference_id": "GHSA-x989-q2pq-4q5x", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:04Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x989-q2pq-4q5x" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/0b6b491d21d6a4eb5fbab1cca565bc1e94ca9543/tensorflow/core/kernels/ragged_range_op.cc#L74-L88", "reference_id": "ragged_range_op.cc#L74-L88", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:04Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/0b6b491d21d6a4eb5fbab1cca565bc1e94ca9543/tensorflow/core/kernels/ragged_range_op.cc#L74-L88" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-35940", "GHSA-x989-q2pq-4q5x" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bgms-c956-q3cv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167831?format=api", "vulnerability_id": "VCID-byq1-27p3-m7fq", "summary": "TensorFlow is an open source platform for machine learning. If `QuantizedMatMul` is given nonscalar input for: `min_a`, `max_a`, `min_b`, or `max_b` It gives a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit aca766ac7693bf29ed0df55ad6bfcc78f35e7f48. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35973", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20388", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20365", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20369", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20193", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35973" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/aca766ac7693bf29ed0df55ad6bfcc78f35e7f48", "reference_id": "aca766ac7693bf29ed0df55ad6bfcc78f35e7f48", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:27Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/aca766ac7693bf29ed0df55ad6bfcc78f35e7f48" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35973", "reference_id": "CVE-2022-35973", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35973" }, { "reference_url": "https://github.com/advisories/GHSA-689c-r7h2-fv9v", "reference_id": "GHSA-689c-r7h2-fv9v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-689c-r7h2-fv9v" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-689c-r7h2-fv9v", "reference_id": "GHSA-689c-r7h2-fv9v", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:27Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-689c-r7h2-fv9v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-35973", "GHSA-689c-r7h2-fv9v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-byq1-27p3-m7fq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15214?format=api", "vulnerability_id": "VCID-cp1r-46ub-8yg8", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25660", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47322", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.4746", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47479", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47463", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25660" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25660", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25660" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/6d423b8bcc9aa9f5554dc988c1c16d038b508df1", "reference_id": "6d423b8bcc9aa9f5554dc988c1c16d038b508df1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:30:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/6d423b8bcc9aa9f5554dc988c1c16d038b508df1" }, { "reference_url": "https://github.com/advisories/GHSA-qjqc-vqcf-5qvj", "reference_id": "GHSA-qjqc-vqcf-5qvj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qjqc-vqcf-5qvj" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qjqc-vqcf-5qvj", "reference_id": "GHSA-qjqc-vqcf-5qvj", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:30:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qjqc-vqcf-5qvj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380770?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3f8t-3shh-4yd3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1" } ], "aliases": [ "CVE-2023-25660", "GHSA-qjqc-vqcf-5qvj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cp1r-46ub-8yg8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/172373?format=api", "vulnerability_id": "VCID-cs1n-e4ng-wbhu", "summary": "TensorFlow is an open source platform for machine learning. An input `token` that is not a UTF-8 bytestring will trigger a `CHECK` fail in `tf.raw_ops.PyFunc`. We have patched the issue in GitHub commit 9f03a9d3bafe902c1e6beb105b2f24172f238645. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41908", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.49307", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.4932", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.49302", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.49164", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41908" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/9f03a9d3bafe902c1e6beb105b2f24172f238645", "reference_id": "9f03a9d3bafe902c1e6beb105b2f24172f238645", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/9f03a9d3bafe902c1e6beb105b2f24172f238645" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41908", "reference_id": "CVE-2022-41908", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41908" }, { "reference_url": "https://github.com/advisories/GHSA-mv77-9g28-cwg3", "reference_id": "GHSA-mv77-9g28-cwg3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mv77-9g28-cwg3" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv77-9g28-cwg3", "reference_id": "GHSA-mv77-9g28-cwg3", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv77-9g28-cwg3" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/lib/core/py_func.cc", "reference_id": "py_func.cc", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/lib/core/py_func.cc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27947?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/27948?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/27946?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1" } ], "aliases": [ "CVE-2022-41908", "GHSA-mv77-9g28-cwg3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cs1n-e4ng-wbhu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15216?format=api", "vulnerability_id": "VCID-css2-4pa4-87gx", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25663", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.43049", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.43217", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.43226", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.43208", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25663" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25663", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25663" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/239139d2ae6a81ae9ba499ad78b56d9b2931538a", "reference_id": "239139d2ae6a81ae9ba499ad78b56d9b2931538a", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:38:12Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/239139d2ae6a81ae9ba499ad78b56d9b2931538a" }, { "reference_url": "https://github.com/advisories/GHSA-64jg-wjww-7c5w", "reference_id": "GHSA-64jg-wjww-7c5w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-64jg-wjww-7c5w" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-64jg-wjww-7c5w", "reference_id": "GHSA-64jg-wjww-7c5w", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:38:12Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-64jg-wjww-7c5w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380770?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3f8t-3shh-4yd3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1" } ], "aliases": [ "CVE-2023-25663", "GHSA-64jg-wjww-7c5w" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-css2-4pa4-87gx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/166993?format=api", "vulnerability_id": "VCID-cuak-225n-4fc5", "summary": "TensorFlow is an open source platform for machine learning. When `RangeSize` receives values that do not fit into an `int64_t`, it crashes. We have patched the issue in GitHub commit 37e64539cd29fcfb814c4451152a60f5d107b0f0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36015", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.41026", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.41038", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.41016", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40849", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36015" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/37e64539cd29fcfb814c4451152a60f5d107b0f0", "reference_id": "37e64539cd29fcfb814c4451152a60f5d107b0f0", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:57:39Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/37e64539cd29fcfb814c4451152a60f5d107b0f0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36015", "reference_id": "CVE-2022-36015", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36015" }, { "reference_url": "https://github.com/advisories/GHSA-rh87-q4vg-m45j", "reference_id": "GHSA-rh87-q4vg-m45j", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rh87-q4vg-m45j" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rh87-q4vg-m45j", "reference_id": "GHSA-rh87-q4vg-m45j", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:57:39Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rh87-q4vg-m45j" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ops/math_ops.cc", "reference_id": "math_ops.cc", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:57:39Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ops/math_ops.cc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-36015", "GHSA-rh87-q4vg-m45j" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cuak-225n-4fc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167479?format=api", "vulnerability_id": "VCID-cy8p-kwfp-dfdz", "summary": "TensorFlow is an open source platform for machine learning. `FractionalMaxPoolGrad` validates its inputs with `CHECK` failures instead of with returning errors. If it gets incorrectly sized inputs, the `CHECK` failure can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 8741e57d163a079db05a7107a7609af70931def4. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35981", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20388", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20365", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20369", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20193", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35981" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/8741e57d163a079db05a7107a7609af70931def4", "reference_id": "8741e57d163a079db05a7107a7609af70931def4", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:17Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/8741e57d163a079db05a7107a7609af70931def4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35981", "reference_id": "CVE-2022-35981", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35981" }, { "reference_url": "https://github.com/advisories/GHSA-vxv8-r8q2-63xw", "reference_id": "GHSA-vxv8-r8q2-63xw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vxv8-r8q2-63xw" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vxv8-r8q2-63xw", "reference_id": "GHSA-vxv8-r8q2-63xw", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:17Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vxv8-r8q2-63xw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-35981", "GHSA-vxv8-r8q2-63xw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cy8p-kwfp-dfdz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167127?format=api", "vulnerability_id": "VCID-dgzu-rtcf-sfdc", "summary": "TensorFlow is an open source platform for machine learning. If `Requantize` is given `input_min`, `input_max`, `requested_output_min`, `requested_output_max` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36017", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20369", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20365", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20388", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20193", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36017" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0", "reference_id": "785d67a78a1d533759fcd2f5e8d6ef778de849e0", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:57:48Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36017", "reference_id": "CVE-2022-36017", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36017" }, { "reference_url": "https://github.com/advisories/GHSA-wqmc-pm8c-2jhc", "reference_id": "GHSA-wqmc-pm8c-2jhc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wqmc-pm8c-2jhc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wqmc-pm8c-2jhc", "reference_id": "GHSA-wqmc-pm8c-2jhc", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:57:48Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wqmc-pm8c-2jhc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-36017", "GHSA-wqmc-pm8c-2jhc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dgzu-rtcf-sfdc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211525?format=api", "vulnerability_id": "VCID-egjs-r2ed-hbfe", "summary": "Heap overflow in `QuantizeAndDequantizeV2`", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41910", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55843", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55722", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55857", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55842", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41910" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41910", "reference_id": "CVE-2022-41910", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41910" }, { "reference_url": "https://github.com/advisories/GHSA-frqp-wp83-qggv", "reference_id": "GHSA-frqp-wp83-qggv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-frqp-wp83-qggv" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-frqp-wp83-qggv", "reference_id": "GHSA-frqp-wp83-qggv", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-frqp-wp83-qggv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27947?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/27948?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/27946?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1" } ], "aliases": [ "CVE-2022-41910", "GHSA-frqp-wp83-qggv", "GMS-2022-6997", "GMS-2022-7005", "GMS-2022-7013" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-egjs-r2ed-hbfe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15227?format=api", "vulnerability_id": "VCID-esen-w1rc-73du", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25674", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60511", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60619", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60627", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60616", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25674" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25674", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25674" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/728113a3be690facad6ce436660a0bc1858017fa", "reference_id": "728113a3be690facad6ce436660a0bc1858017fa", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:16:05Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/728113a3be690facad6ce436660a0bc1858017fa" }, { "reference_url": "https://github.com/advisories/GHSA-gf97-q72m-7579", "reference_id": "GHSA-gf97-q72m-7579", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gf97-q72m-7579" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf97-q72m-7579", "reference_id": "GHSA-gf97-q72m-7579", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:16:05Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf97-q72m-7579" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380770?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3f8t-3shh-4yd3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1" } ], "aliases": [ "CVE-2023-25674", "GHSA-gf97-q72m-7579" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-esen-w1rc-73du" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15217?format=api", "vulnerability_id": "VCID-f186-75wf-3bd5", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25664", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25609", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25807", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25824", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25808", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25664" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25664", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25664" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/ddaac2bdd099bec5d7923dea45276a7558217e5b", "reference_id": "ddaac2bdd099bec5d7923dea45276a7558217e5b", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:38:56Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/ddaac2bdd099bec5d7923dea45276a7558217e5b" }, { "reference_url": "https://github.com/advisories/GHSA-6hg6-5c2q-7rcr", "reference_id": "GHSA-6hg6-5c2q-7rcr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6hg6-5c2q-7rcr" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hg6-5c2q-7rcr", "reference_id": "GHSA-6hg6-5c2q-7rcr", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:38:56Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hg6-5c2q-7rcr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380770?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3f8t-3shh-4yd3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1" } ], "aliases": [ "CVE-2023-25664", "GHSA-6hg6-5c2q-7rcr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f186-75wf-3bd5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/169425?format=api", "vulnerability_id": "VCID-f3tp-9q7p-7ycd", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.EditDistance` has incomplete validation. Users can pass negative values to cause a segmentation fault based denial of service. In multiple places throughout the code, one may compute an index for a write operation. However, the existing validation only checks against the upper bound of the array. Hence, it is possible to write before the array by massaging the input to generate negative values for `loc`. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29208", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33419", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33242", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33424", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33444", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29208" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/30721cf564cb029d34535446d6a5a6357bebc8e7", "reference_id": "30721cf564cb029d34535446d6a5a6357bebc8e7", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:49Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/30721cf564cb029d34535446d6a5a6357bebc8e7" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29208", "reference_id": "CVE-2022-29208", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29208" }, { "reference_url": "https://github.com/advisories/GHSA-2r2f-g8mw-9gvr", "reference_id": "GHSA-2r2f-g8mw-9gvr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2r2f-g8mw-9gvr" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2r2f-g8mw-9gvr", "reference_id": "GHSA-2r2f-g8mw-9gvr", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:49Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2r2f-g8mw-9gvr" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "v2.6.4", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:49Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "v2.7.2", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:49Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "v2.8.1", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:49Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "v2.9.0", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:49Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23910?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" } ], "aliases": [ "CVE-2022-29208", "GHSA-2r2f-g8mw-9gvr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f3tp-9q7p-7ycd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/172284?format=api", "vulnerability_id": "VCID-f522-fb48-b3gc", "summary": "TensorFlow is an open source platform for machine learning. When running on GPU, `tf.image.generate_bounding_box_proposals` receives a `scores` input that must be of rank 4 but is not checked. We have patched the issue in GitHub commit cf35502463a88ca7185a99daa7031df60b3c1c98. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41888", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.4161", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.4162", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41602", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41436", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41888" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/cf35502463a88ca7185a99daa7031df60b3c1c98", "reference_id": "cf35502463a88ca7185a99daa7031df60b3c1c98", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/cf35502463a88ca7185a99daa7031df60b3c1c98" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41888", "reference_id": "CVE-2022-41888", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41888" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/generate_box_proposals_op.cu.cc", "reference_id": "generate_box_proposals_op.cu.cc", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/generate_box_proposals_op.cu.cc" }, { "reference_url": "https://github.com/advisories/GHSA-6x99-gv2v-q76v", "reference_id": "GHSA-6x99-gv2v-q76v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6x99-gv2v-q76v" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6x99-gv2v-q76v", "reference_id": "GHSA-6x99-gv2v-q76v", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6x99-gv2v-q76v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27947?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/27948?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/27946?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1" } ], "aliases": [ "CVE-2022-41888", "GHSA-6x99-gv2v-q76v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f522-fb48-b3gc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15226?format=api", "vulnerability_id": "VCID-fujj-xc7u-ducv", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25673", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51669", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51795", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.5181", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51798", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25673" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25673", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25673" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/728113a3be690facad6ce436660a0bc1858017fa", "reference_id": "728113a3be690facad6ce436660a0bc1858017fa", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:15:44Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/728113a3be690facad6ce436660a0bc1858017fa" }, { "reference_url": "https://github.com/advisories/GHSA-647v-r7qq-24fh", "reference_id": "GHSA-647v-r7qq-24fh", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-647v-r7qq-24fh" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-647v-r7qq-24fh", "reference_id": "GHSA-647v-r7qq-24fh", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:15:44Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-647v-r7qq-24fh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380770?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3f8t-3shh-4yd3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1" } ], "aliases": [ "CVE-2023-25673", "GHSA-647v-r7qq-24fh" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fujj-xc7u-ducv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/169365?format=api", "vulnerability_id": "VCID-gdrm-e3tn-z3hk", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.QuantizeAndDequantizeV4Grad` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29192", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34237", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34419", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.3444", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34415", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29192" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/098e7762d909bac47ce1dbabe6dfd06294cb9d58", "reference_id": "098e7762d909bac47ce1dbabe6dfd06294cb9d58", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/098e7762d909bac47ce1dbabe6dfd06294cb9d58" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29192", "reference_id": "CVE-2022-29192", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29192" }, { "reference_url": "https://github.com/advisories/GHSA-h2wq-prv9-2f56", "reference_id": "GHSA-h2wq-prv9-2f56", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h2wq-prv9-2f56" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h2wq-prv9-2f56", "reference_id": "GHSA-h2wq-prv9-2f56", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h2wq-prv9-2f56" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/quantize_and_dequantize_op.cc#L148-L226", "reference_id": "quantize_and_dequantize_op.cc#L148-L226", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/quantize_and_dequantize_op.cc#L148-L226" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "v2.6.4", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "v2.7.2", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "v2.8.1", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "v2.9.0", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23910?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" } ], "aliases": [ "CVE-2022-29192", "GHSA-h2wq-prv9-2f56" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gdrm-e3tn-z3hk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/172243?format=api", "vulnerability_id": "VCID-gkxw-ufq4-2ffz", "summary": "TensorFlow is an open source platform for machine learning. If `ThreadUnsafeUnigramCandidateSampler` is given input `filterbank_channel_count` greater than the allowed max size, TensorFlow will crash. We have patched the issue in GitHub commit 39ec7eaf1428e90c37787e5b3fbd68ebd3c48860. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41896", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35838", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35854", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35831", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35651", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41896" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/39ec7eaf1428e90c37787e5b3fbd68ebd3c48860", "reference_id": "39ec7eaf1428e90c37787e5b3fbd68ebd3c48860", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:05Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/39ec7eaf1428e90c37787e5b3fbd68ebd3c48860" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41896", "reference_id": "CVE-2022-41896", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41896" }, { "reference_url": "https://github.com/advisories/GHSA-rmg2-f698-wq35", "reference_id": "GHSA-rmg2-f698-wq35", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rmg2-f698-wq35" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rmg2-f698-wq35", "reference_id": "GHSA-rmg2-f698-wq35", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:05Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rmg2-f698-wq35" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/mirror_pad_op.cc", "reference_id": "mirror_pad_op.cc", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:05Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/mirror_pad_op.cc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27947?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/27948?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/27946?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1" } ], "aliases": [ "CVE-2022-41896", "GHSA-rmg2-f698-wq35" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gkxw-ufq4-2ffz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15223?format=api", "vulnerability_id": "VCID-hp3e-kt3d-ykfr", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25670", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47322", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.4746", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47479", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47463", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25670" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25670", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25670" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/8a47a39d9697969206d23a523c977238717e8727", "reference_id": "8a47a39d9697969206d23a523c977238717e8727", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:41:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/8a47a39d9697969206d23a523c977238717e8727" }, { "reference_url": "https://github.com/advisories/GHSA-49rq-hwc3-x77w", "reference_id": "GHSA-49rq-hwc3-x77w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-49rq-hwc3-x77w" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rq-hwc3-x77w", "reference_id": "GHSA-49rq-hwc3-x77w", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:41:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rq-hwc3-x77w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380770?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3f8t-3shh-4yd3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1" } ], "aliases": [ "CVE-2023-25670", "GHSA-49rq-hwc3-x77w" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hp3e-kt3d-ykfr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211364?format=api", "vulnerability_id": "VCID-hs24-1u1m-7qbh", "summary": "TensorFlow vulnerable to `CHECK` fail in `Unbatch`", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36002", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33291", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33114", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33295", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33315", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36002" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/4419d10d576adefa36b0e0a9425d2569f7c0189f", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/4419d10d576adefa36b0e0a9425d2569f7c0189f" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36002", "reference_id": "CVE-2022-36002", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36002" }, { "reference_url": "https://github.com/advisories/GHSA-mh3m-62v7-68xg", "reference_id": "GHSA-mh3m-62v7-68xg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mh3m-62v7-68xg" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mh3m-62v7-68xg", "reference_id": "GHSA-mh3m-62v7-68xg", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mh3m-62v7-68xg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-36002", "GHSA-mh3m-62v7-68xg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hs24-1u1m-7qbh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211523?format=api", "vulnerability_id": "VCID-j4sc-7ycd-vkc4", "summary": "FractionalMaxPool and FractionalAVGPool heap out-of-bounds acess", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41900", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01207", "scoring_system": "epss", "scoring_elements": "0.79443", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01207", "scoring_system": "epss", "scoring_elements": "0.79366", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01207", "scoring_system": "epss", "scoring_elements": "0.79433", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01207", "scoring_system": "epss", "scoring_elements": "0.79447", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41900" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/216525144ee7c910296f5b05d214ca1327c9ce48", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/216525144ee7c910296f5b05d214ca1327c9ce48" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41900", "reference_id": "CVE-2022-41900", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41900" }, { "reference_url": "https://github.com/advisories/GHSA-xvwp-h6jv-7472", "reference_id": "GHSA-xvwp-h6jv-7472", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xvwp-h6jv-7472" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xvwp-h6jv-7472", "reference_id": "GHSA-xvwp-h6jv-7472", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xvwp-h6jv-7472" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27947?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/27948?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/27946?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1" } ], "aliases": [ "CVE-2022-41900", "GHSA-xvwp-h6jv-7472" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j4sc-7ycd-vkc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167502?format=api", "vulnerability_id": "VCID-j5b6-r9b1-17a6", "summary": "TensorFlow is an open source platform for machine learning. The `AvgPoolOp` function takes an argument `ksize` that must be positive but is not checked. A negative `ksize` can trigger a `CHECK` failure and crash the program. We have patched the issue in GitHub commit 3a6ac52664c6c095aa2b114e742b0aa17fdce78f. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds to this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35941", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.41026", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.41038", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.41016", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40849", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35941" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/3a6ac52664c6c095aa2b114e742b0aa17fdce78f", "reference_id": "3a6ac52664c6c095aa2b114e742b0aa17fdce78f", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/3a6ac52664c6c095aa2b114e742b0aa17fdce78f" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/avgpooling_op.cc#L56-L98", "reference_id": "avgpooling_op.cc#L56-L98", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/avgpooling_op.cc#L56-L98" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35941", "reference_id": "CVE-2022-35941", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35941" }, { "reference_url": "https://github.com/advisories/GHSA-mgmh-g2v6-mqw5", "reference_id": "GHSA-mgmh-g2v6-mqw5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mgmh-g2v6-mqw5" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mgmh-g2v6-mqw5", "reference_id": "GHSA-mgmh-g2v6-mqw5", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mgmh-g2v6-mqw5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26589?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.2" } ], "aliases": [ "CVE-2022-35941", "GHSA-mgmh-g2v6-mqw5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j5b6-r9b1-17a6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167780?format=api", "vulnerability_id": "VCID-jb5e-3br8-nyau", "summary": "TensorFlow is an open source platform for machine learning. When `tf.quantization.fake_quant_with_min_max_vars_per_channel_gradient` receives input `min` or `max` of rank other than 1, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit f3cf67ac5705f4f04721d15e485e192bb319feed. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35990", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33315", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33291", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33295", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33114", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35990" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35990", "reference_id": "CVE-2022-35990", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35990" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/f3cf67ac5705f4f04721d15e485e192bb319feed", "reference_id": "f3cf67ac5705f4f04721d15e485e192bb319feed", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:52Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/f3cf67ac5705f4f04721d15e485e192bb319feed" }, { "reference_url": "https://github.com/advisories/GHSA-h7ff-cfc9-wmmh", "reference_id": "GHSA-h7ff-cfc9-wmmh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h7ff-cfc9-wmmh" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h7ff-cfc9-wmmh", "reference_id": "GHSA-h7ff-cfc9-wmmh", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:52Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h7ff-cfc9-wmmh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-35990", "GHSA-h7ff-cfc9-wmmh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jb5e-3br8-nyau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15221?format=api", "vulnerability_id": "VCID-jc4n-4jfy-x7ez", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25668", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01465", "scoring_system": "epss", "scoring_elements": "0.81308", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01465", "scoring_system": "epss", "scoring_elements": "0.81368", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01465", "scoring_system": "epss", "scoring_elements": "0.81376", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01465", "scoring_system": "epss", "scoring_elements": "0.81369", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25668" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25668", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25668" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb", "reference_id": "7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-19T20:32:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb" }, { "reference_url": "https://github.com/advisories/GHSA-gw97-ff7c-9v96", "reference_id": "GHSA-gw97-ff7c-9v96", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gw97-ff7c-9v96" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96", "reference_id": "GHSA-gw97-ff7c-9v96", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-19T20:32:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380770?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3f8t-3shh-4yd3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1" } ], "aliases": [ "CVE-2023-25668", "GHSA-gw97-ff7c-9v96" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jc4n-4jfy-x7ez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167827?format=api", "vulnerability_id": "VCID-jg52-1he8-muhq", "summary": "TensorFlow is an open source platform for machine learning. When `Conv2DBackpropInput` receives empty `out_backprop` inputs (e.g. `[3, 1, 0, 1]`), the current CPU/GPU kernels `CHECK` fail (one with dnnl, the other with cudnn). This can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 27a65a43cf763897fecfa5cdb5cc653fc5dd0346. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35999", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20388", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20365", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20369", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20193", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35999" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/27a65a43cf763897fecfa5cdb5cc653fc5dd0346", "reference_id": "27a65a43cf763897fecfa5cdb5cc653fc5dd0346", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:14Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/27a65a43cf763897fecfa5cdb5cc653fc5dd0346" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35999", "reference_id": "CVE-2022-35999", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35999" }, { "reference_url": "https://github.com/advisories/GHSA-37jf-mjv6-xfqw", "reference_id": "GHSA-37jf-mjv6-xfqw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-37jf-mjv6-xfqw" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-37jf-mjv6-xfqw", "reference_id": "GHSA-37jf-mjv6-xfqw", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:14Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-37jf-mjv6-xfqw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-35999", "GHSA-37jf-mjv6-xfqw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jg52-1he8-muhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211528?format=api", "vulnerability_id": "VCID-jgys-5pnb-tkfk", "summary": "`CHECK` failure in `SobolSample` via missing validation", "references": [ { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/advisories/GHSA-cqvq-fvhr-v6hc", "reference_id": "GHSA-cqvq-fvhr-v6hc", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cqvq-fvhr-v6hc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cqvq-fvhr-v6hc", "reference_id": "GHSA-cqvq-fvhr-v6hc", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cqvq-fvhr-v6hc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27947?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/27948?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/27946?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1" } ], "aliases": [ "GHSA-cqvq-fvhr-v6hc", "GMS-2022-6996", "GMS-2022-7004", "GMS-2022-7012" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jgys-5pnb-tkfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211519?format=api", "vulnerability_id": "VCID-jhgz-re77-hkf5", "summary": "Seg fault in `ndarray_tensor_bridge` due to zero and large inputs", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41884", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35377", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35199", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.3538", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35401", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41884" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/2b56169c16e375c521a3bc8ea658811cc0793784", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/2b56169c16e375c521a3bc8ea658811cc0793784" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41884", "reference_id": "CVE-2022-41884", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41884" }, { "reference_url": "https://github.com/advisories/GHSA-jq6x-99hj-q636", "reference_id": "GHSA-jq6x-99hj-q636", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jq6x-99hj-q636" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jq6x-99hj-q636", "reference_id": "GHSA-jq6x-99hj-q636", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jq6x-99hj-q636" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27947?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/27948?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/27946?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1" } ], "aliases": [ "CVE-2022-41884", "GHSA-jq6x-99hj-q636" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jhgz-re77-hkf5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211368?format=api", "vulnerability_id": "VCID-jw7z-91u8-23b4", "summary": "TensorFlow vulnerable to `CHECK` fail in `CollectiveGather`", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35994", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12808", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12726", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12817", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12827", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35994" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/c1f491817dec39a26be3c574e86a88c30f3c4770", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/c1f491817dec39a26be3c574e86a88c30f3c4770" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35994", "reference_id": "CVE-2022-35994", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35994" }, { "reference_url": "https://github.com/advisories/GHSA-fhfc-2q7x-929f", "reference_id": "GHSA-fhfc-2q7x-929f", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fhfc-2q7x-929f" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fhfc-2q7x-929f", "reference_id": "GHSA-fhfc-2q7x-929f", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fhfc-2q7x-929f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-35994", "GHSA-fhfc-2q7x-929f" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jw7z-91u8-23b4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/169317?format=api", "vulnerability_id": "VCID-jwbd-47ef-xqa1", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions (e.g., `CHECK_LT`, `CHECK_GT`, etc.) have an incorrect logic when comparing `size_t` and `int` values. Due to type conversion rules, several of the macros would trigger incorrectly. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29209", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26143", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26341", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26356", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26344", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29209" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/issues/55530", "reference_id": "55530", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/issues/55530" }, { "reference_url": "https://github.com/tensorflow/tensorflow/pull/55730", "reference_id": "55730", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/pull/55730" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/b917181c29b50cb83399ba41f4d938dc369109a1", "reference_id": "b917181c29b50cb83399ba41f4d938dc369109a1", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/b917181c29b50cb83399ba41f4d938dc369109a1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29209", "reference_id": "CVE-2022-29209", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29209" }, { "reference_url": "https://github.com/advisories/GHSA-f4rr-5m7v-wxcw", "reference_id": "GHSA-f4rr-5m7v-wxcw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f4rr-5m7v-wxcw" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f4rr-5m7v-wxcw", "reference_id": "GHSA-f4rr-5m7v-wxcw", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f4rr-5m7v-wxcw" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/platform/default/logging.h", "reference_id": "logging.h", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/platform/default/logging.h" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "v2.6.4", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "v2.7.2", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "v2.8.1", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "v2.9.0", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23910?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" } ], "aliases": [ "CVE-2022-29209", "GHSA-f4rr-5m7v-wxcw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jwbd-47ef-xqa1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167722?format=api", "vulnerability_id": "VCID-k3fc-akkc-eyce", "summary": "TensorFlow is an open source platform for machine learning. `ParameterizedTruncatedNormal` assumes `shape` is of type `int32`. A valid `shape` of type `int64` results in a mismatched type `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 72180be03447a10810edca700cbc9af690dfeb51. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35984", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20388", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20365", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20369", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20193", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35984" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/72180be03447a10810edca700cbc9af690dfeb51", "reference_id": "72180be03447a10810edca700cbc9af690dfeb51", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:03Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/72180be03447a10810edca700cbc9af690dfeb51" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35984", "reference_id": "CVE-2022-35984", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35984" }, { "reference_url": "https://github.com/advisories/GHSA-p2xf-8hgm-hpw5", "reference_id": "GHSA-p2xf-8hgm-hpw5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p2xf-8hgm-hpw5" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p2xf-8hgm-hpw5", "reference_id": "GHSA-p2xf-8hgm-hpw5", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:03Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p2xf-8hgm-hpw5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-35984", "GHSA-p2xf-8hgm-hpw5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k3fc-akkc-eyce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167523?format=api", "vulnerability_id": "VCID-k47c-gnm9-xugu", "summary": "TensorFlow is an open source platform for machine learning. If `QuantizedAvgPool` is given `min_input` or `max_input` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 7cdf9d4d2083b739ec81cfdace546b0c99f50622. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35966", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20388", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20365", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20369", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20193", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35966" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/7cdf9d4d2083b739ec81cfdace546b0c99f50622", "reference_id": "7cdf9d4d2083b739ec81cfdace546b0c99f50622", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:40Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/7cdf9d4d2083b739ec81cfdace546b0c99f50622" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35966", "reference_id": "CVE-2022-35966", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35966" }, { "reference_url": "https://github.com/advisories/GHSA-4w68-4x85-mjj9", "reference_id": "GHSA-4w68-4x85-mjj9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4w68-4x85-mjj9" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4w68-4x85-mjj9", "reference_id": "GHSA-4w68-4x85-mjj9", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:40Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4w68-4x85-mjj9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-35966", "GHSA-4w68-4x85-mjj9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k47c-gnm9-xugu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167803?format=api", "vulnerability_id": "VCID-kmfz-a4y6-5fc8", "summary": "TensorFlow is an open source platform for machine learning. The `GatherNd` function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read is triggered. This issue has been patched in GitHub commit 595a65a3e224a0362d7e68c2213acfc2b499a196. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35937", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31653", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31654", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31671", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31462", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35937" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/595a65a3e224a0362d7e68c2213acfc2b499a196", "reference_id": "595a65a3e224a0362d7e68c2213acfc2b499a196", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:09Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/595a65a3e224a0362d7e68c2213acfc2b499a196" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35937", "reference_id": "CVE-2022-35937", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35937" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f463040eb3997e42e60a2ffc6dc72de7ef11dbb4/tensorflow/lite/kernels/gather_nd.cc#L105-L111", "reference_id": "gather_nd.cc#L105-L111", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:09Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f463040eb3997e42e60a2ffc6dc72de7ef11dbb4/tensorflow/lite/kernels/gather_nd.cc#L105-L111" }, { "reference_url": "https://github.com/advisories/GHSA-pxrw-j2fv-hx3h", "reference_id": "GHSA-pxrw-j2fv-hx3h", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pxrw-j2fv-hx3h" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pxrw-j2fv-hx3h", "reference_id": "GHSA-pxrw-j2fv-hx3h", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:09Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pxrw-j2fv-hx3h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-35937", "GHSA-pxrw-j2fv-hx3h" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kmfz-a4y6-5fc8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/169377?format=api", "vulnerability_id": "VCID-kzzh-afnu-dqef", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow's `saved_model_cli` tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had several test cases where numpy expressions were used as arguments. However, given that the tool is always run manually, the impact of this is still not severe. The maintainers have now removed the `safe=False` argument, so all parsing is done without calling `eval`. The patch is available in versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29216", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31181", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31391", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31373", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29216" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7", "reference_id": "8b202f08d52e8206af2bdb2112a62fafbc546ec7", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:43:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/c5da7af048611aa29e9382371f0aed5018516cac", "reference_id": "c5da7af048611aa29e9382371f0aed5018516cac", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:43:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/c5da7af048611aa29e9382371f0aed5018516cac" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29216", "reference_id": "CVE-2022-29216", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29216" }, { "reference_url": "https://github.com/advisories/GHSA-75c9-jrh4-79mc", "reference_id": "GHSA-75c9-jrh4-79mc", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-75c9-jrh4-79mc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-75c9-jrh4-79mc", "reference_id": "GHSA-75c9-jrh4-79mc", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:43:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-75c9-jrh4-79mc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/tools/saved_model_cli.py#L566-L574", "reference_id": "saved_model_cli.py#L566-L574", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:43:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/tools/saved_model_cli.py#L566-L574" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "v2.6.4", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:43:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "v2.7.2", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:43:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "v2.8.1", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:43:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "v2.9.0", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:43:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23910?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" } ], "aliases": [ "CVE-2022-29216", "GHSA-75c9-jrh4-79mc" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kzzh-afnu-dqef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163788?format=api", "vulnerability_id": "VCID-mawu-qayq-5uhc", "summary": "Tensorflow is an Open Source Machine Learning Framework. A `GraphDef` from a TensorFlow `SavedModel` can be maliciously altered to cause a TensorFlow process to crash due to encountering a `StatusOr` value that is an error and forcibly extracting the value from it. We have patched the issue in multiple GitHub commits and these will be included in TensorFlow 2.8.0 and TensorFlow 2.7.1, as both are affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23590", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.47347", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.47328", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.47332", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.47192", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23590" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-99.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-99.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-154.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-154.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/955059813cc325dc1db5e2daa6221271406d4439", "reference_id": "955059813cc325dc1db5e2daa6221271406d4439", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/955059813cc325dc1db5e2daa6221271406d4439" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23590", "reference_id": "CVE-2022-23590", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23590" }, { "reference_url": "https://github.com/advisories/GHSA-pqrv-8r2f-7278", "reference_id": "GHSA-pqrv-8r2f-7278", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pqrv-8r2f-7278" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pqrv-8r2f-7278", "reference_id": "GHSA-pqrv-8r2f-7278", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pqrv-8r2f-7278" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/core/graph/graph.cc#L560-L567", "reference_id": "graph.cc#L560-L567", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/core/graph/graph.cc#L560-L567" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23590", "CVE-2022-23590", "GHSA-pqrv-8r2f-7278", "PYSEC-2022-154", "PYSEC-2022-99" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mawu-qayq-5uhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167605?format=api", "vulnerability_id": "VCID-mhv5-aphc-cfhn", "summary": "TensorFlow is an open source platform for machine learning. The implementation of `Conv2DBackpropInput` requires `input_sizes` to be 4-dimensional. Otherwise, it gives a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 50156d547b9a1da0144d7babe665cf690305b33c. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35969", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20388", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20365", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20369", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20193", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35969" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/50156d547b9a1da0144d7babe665cf690305b33c", "reference_id": "50156d547b9a1da0144d7babe665cf690305b33c", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/50156d547b9a1da0144d7babe665cf690305b33c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35969", "reference_id": "CVE-2022-35969", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35969" }, { "reference_url": "https://github.com/advisories/GHSA-q2c3-jpmc-gfjx", "reference_id": "GHSA-q2c3-jpmc-gfjx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q2c3-jpmc-gfjx" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q2c3-jpmc-gfjx", "reference_id": "GHSA-q2c3-jpmc-gfjx", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q2c3-jpmc-gfjx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-35969", "GHSA-q2c3-jpmc-gfjx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mhv5-aphc-cfhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15215?format=api", "vulnerability_id": "VCID-mjz8-5aee-8bhn", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25662", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35551", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35734", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.3575", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.3573", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25662" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25662", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25662" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/08b8e18643d6dcde00890733b270ff8d9960c56c", "reference_id": "08b8e18643d6dcde00890733b270ff8d9960c56c", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:37:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/08b8e18643d6dcde00890733b270ff8d9960c56c" }, { "reference_url": "https://github.com/advisories/GHSA-7jvm-xxmr-v5cw", "reference_id": "GHSA-7jvm-xxmr-v5cw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7jvm-xxmr-v5cw" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7jvm-xxmr-v5cw", "reference_id": "GHSA-7jvm-xxmr-v5cw", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:37:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7jvm-xxmr-v5cw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380770?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3f8t-3shh-4yd3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1" } ], "aliases": [ "CVE-2023-25662", "GHSA-7jvm-xxmr-v5cw" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mjz8-5aee-8bhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211527?format=api", "vulnerability_id": "VCID-n8np-2f5x-abd4", "summary": "`CHECK` fail in `TensorListScatter` and `TensorListScatterV2` in eager mode", "references": [ { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/advisories/GHSA-xf83-q765-xm6m", "reference_id": "GHSA-xf83-q765-xm6m", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xf83-q765-xm6m" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xf83-q765-xm6m", "reference_id": "GHSA-xf83-q765-xm6m", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xf83-q765-xm6m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27947?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/27948?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/27946?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1" } ], "aliases": [ "GHSA-xf83-q765-xm6m", "GMS-2022-7001", "GMS-2022-7009", "GMS-2022-7017" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n8np-2f5x-abd4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167050?format=api", "vulnerability_id": "VCID-nktb-w1uc-zygy", "summary": "TensorFlow is an open source platform for machine learning. When `tensorflow::full_type::SubstituteFromAttrs` receives a `FullTypeDef& t` that is not exactly three args, it triggers a `CHECK`-fail instead of returning a status. We have patched the issue in GitHub commit 6104f0d4091c260ce9352f9155f7e9b725eab012. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36016", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.61243", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.61247", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.61238", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.61132", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36016" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/6104f0d4091c260ce9352f9155f7e9b725eab012", "reference_id": "6104f0d4091c260ce9352f9155f7e9b725eab012", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:24Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/6104f0d4091c260ce9352f9155f7e9b725eab012" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36016", "reference_id": "CVE-2022-36016", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36016" }, { "reference_url": "https://github.com/advisories/GHSA-g468-qj8g-vcjc", "reference_id": "GHSA-g468-qj8g-vcjc", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g468-qj8g-vcjc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g468-qj8g-vcjc", "reference_id": "GHSA-g468-qj8g-vcjc", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:24Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g468-qj8g-vcjc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ops/math_ops.cc", "reference_id": "math_ops.cc", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:24Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ops/math_ops.cc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-36016", "GHSA-g468-qj8g-vcjc" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nktb-w1uc-zygy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15220?format=api", "vulnerability_id": "VCID-p36a-eb5k-rqgu", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25667", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43672", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43839", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.4385", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43828", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25667" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25667", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25667" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/8dc723fcdd1a6127d6c970bd2ecb18b019a1a58d", "reference_id": "8dc723fcdd1a6127d6c970bd2ecb18b019a1a58d", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:39:37Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/8dc723fcdd1a6127d6c970bd2ecb18b019a1a58d" }, { "reference_url": "https://github.com/advisories/GHSA-fqm2-gh8w-gr68", "reference_id": "GHSA-fqm2-gh8w-gr68", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fqm2-gh8w-gr68" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqm2-gh8w-gr68", "reference_id": "GHSA-fqm2-gh8w-gr68", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:39:37Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqm2-gh8w-gr68" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380770?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3f8t-3shh-4yd3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1" } ], "aliases": [ "CVE-2023-25667", "GHSA-fqm2-gh8w-gr68" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p36a-eb5k-rqgu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167516?format=api", "vulnerability_id": "VCID-pdfh-953s-skhm", "summary": "TensorFlow is an open source platform for machine learning. If `QuantizedInstanceNorm` is given `x_min` or `x_max` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35970", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20369", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20365", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20388", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20193", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35970" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0", "reference_id": "785d67a78a1d533759fcd2f5e8d6ef778de849e0", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35970", "reference_id": "CVE-2022-35970", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35970" }, { "reference_url": "https://github.com/advisories/GHSA-g35r-369w-3fqp", "reference_id": "GHSA-g35r-369w-3fqp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g35r-369w-3fqp" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g35r-369w-3fqp", "reference_id": "GHSA-g35r-369w-3fqp", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g35r-369w-3fqp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-35970", "GHSA-g35r-369w-3fqp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pdfh-953s-skhm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211356?format=api", "vulnerability_id": "VCID-pgc2-gukr-r3dg", "summary": "TensorFlow vulnerable to null-dereference in `mlir::tfg::TFOp::nameAttr`", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36014", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.5669", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56555", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56678", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56675", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36014" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ir/importexport/graphdef_import.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ir/importexport/graphdef_import.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/3a754740d5414e362512ee981eefba41561a63a6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/3a754740d5414e362512ee981eefba41561a63a6" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/a0f0b9a21c9270930457095092f558fbad4c03e5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/a0f0b9a21c9270930457095092f558fbad4c03e5" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36014", "reference_id": "CVE-2022-36014", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36014" }, { "reference_url": "https://github.com/advisories/GHSA-7j3m-8g3c-9qqq", "reference_id": "GHSA-7j3m-8g3c-9qqq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7j3m-8g3c-9qqq" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7j3m-8g3c-9qqq", "reference_id": "GHSA-7j3m-8g3c-9qqq", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7j3m-8g3c-9qqq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-36014", "GHSA-7j3m-8g3c-9qqq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pgc2-gukr-r3dg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167838?format=api", "vulnerability_id": "VCID-pmvu-stzf-eqet", "summary": "TensorFlow is an open source platform for machine learning. If `QuantizedRelu` or `QuantizedRelu6` are given nonscalar inputs for `min_features` or `max_features`, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 49b3824d83af706df0ad07e4e677d88659756d89. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35979", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20369", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20365", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20388", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20193", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35979" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/49b3824d83af706df0ad07e4e677d88659756d89", "reference_id": "49b3824d83af706df0ad07e4e677d88659756d89", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:19Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/49b3824d83af706df0ad07e4e677d88659756d89" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35979", "reference_id": "CVE-2022-35979", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35979" }, { "reference_url": "https://github.com/advisories/GHSA-v7vw-577f-vp8x", "reference_id": "GHSA-v7vw-577f-vp8x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v7vw-577f-vp8x" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v7vw-577f-vp8x", "reference_id": "GHSA-v7vw-577f-vp8x", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:19Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v7vw-577f-vp8x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-35979", "GHSA-v7vw-577f-vp8x" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pmvu-stzf-eqet" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15303?format=api", "vulnerability_id": "VCID-pr47-unnv-d7a9", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-27579", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42894", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.43062", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.43072", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.43053", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-27579" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27579", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27579" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/34f8368c535253f5c9cb3a303297743b62442aaa", "reference_id": "34f8368c535253f5c9cb3a303297743b62442aaa", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:44:58Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/34f8368c535253f5c9cb3a303297743b62442aaa" }, { "reference_url": "https://github.com/advisories/GHSA-5w96-866f-6rm8", "reference_id": "GHSA-5w96-866f-6rm8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5w96-866f-6rm8" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5w96-866f-6rm8", "reference_id": "GHSA-5w96-866f-6rm8", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:44:58Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5w96-866f-6rm8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380770?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3f8t-3shh-4yd3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1" } ], "aliases": [ "CVE-2023-27579", "GHSA-5w96-866f-6rm8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pr47-unnv-d7a9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211365?format=api", "vulnerability_id": "VCID-q17s-hqkj-kkht", "summary": "TensorFlow vulnerable to null dereference on MLIR on empty function attributes", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36000", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22842", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22655", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.2285", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22862", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36000" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/aed36912609fc07229b4d0a7b44f3f48efc00fd0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/aed36912609fc07229b4d0a7b44f3f48efc00fd0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36000", "reference_id": "CVE-2022-36000", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36000" }, { "reference_url": "https://github.com/advisories/GHSA-fqxc-pvf8-2w9v", "reference_id": "GHSA-fqxc-pvf8-2w9v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fqxc-pvf8-2w9v" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqxc-pvf8-2w9v", "reference_id": "GHSA-fqxc-pvf8-2w9v", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqxc-pvf8-2w9v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-36000", "GHSA-fqxc-pvf8-2w9v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q17s-hqkj-kkht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/172217?format=api", "vulnerability_id": "VCID-r7qz-zsk3-sqaq", "summary": "TensorFlow is an open source platform for machine learning. When printing a tensor, we get it's data as a `const char*` array (since that's the underlying storage) and then we typecast it to the element type. However, conversions from `char` to `bool` are undefined if the `char` is not `0` or `1`, so sanitizers/fuzzers will crash. The issue has been patched in GitHub commit `1be74370327`. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.10.1, TensorFlow 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41911", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36709", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.3672", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36696", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36516", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41911" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/1be743703279782a357adbf9b77dcb994fe8b508", "reference_id": "1be743703279782a357adbf9b77dcb994fe8b508", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/1be743703279782a357adbf9b77dcb994fe8b508" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41911", "reference_id": "CVE-2022-41911", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41911" }, { "reference_url": "https://github.com/advisories/GHSA-pf36-r9c6-h97j", "reference_id": "GHSA-pf36-r9c6-h97j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pf36-r9c6-h97j" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pf36-r9c6-h97j", "reference_id": "GHSA-pf36-r9c6-h97j", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pf36-r9c6-h97j" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/807cae8a807960fd7ac2313cde73a11fc15e7942/tensorflow/core/framework/tensor.cc#L1200-L1227", "reference_id": "tensor.cc#L1200-L1227", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/807cae8a807960fd7ac2313cde73a11fc15e7942/tensorflow/core/framework/tensor.cc#L1200-L1227" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27947?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/27948?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/27946?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1" } ], "aliases": [ "CVE-2022-41911", "GHSA-pf36-r9c6-h97j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r7qz-zsk3-sqaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167614?format=api", "vulnerability_id": "VCID-r9t6-8fdd-hbab", "summary": "TensorFlow is an open source platform for machine learning. If `QuantizedBiasAdd` is given `min_input`, `max_input`, `min_bias`, `max_bias` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35972", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20369", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20365", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20388", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20193", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35972" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0", "reference_id": "785d67a78a1d533759fcd2f5e8d6ef778de849e0", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:25Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35972", "reference_id": "CVE-2022-35972", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35972" }, { "reference_url": "https://github.com/advisories/GHSA-4pc4-m9mj-v2r9", "reference_id": "GHSA-4pc4-m9mj-v2r9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4pc4-m9mj-v2r9" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4pc4-m9mj-v2r9", "reference_id": "GHSA-4pc4-m9mj-v2r9", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:25Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4pc4-m9mj-v2r9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-35972", "GHSA-4pc4-m9mj-v2r9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r9t6-8fdd-hbab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167711?format=api", "vulnerability_id": "VCID-rasj-1k6m-1yce", "summary": "TensorFlow is an open source platform for machine learning. When `MaxPool` receives a window size input array `ksize` with dimensions greater than its input tensor `input`, the GPU kernel gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 32d7bd3defd134f21a4e344c8dfd40099aaf6b18. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35989", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20388", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20365", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20369", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20193", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35989" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/32d7bd3defd134f21a4e344c8dfd40099aaf6b18", "reference_id": "32d7bd3defd134f21a4e344c8dfd40099aaf6b18", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:09Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/32d7bd3defd134f21a4e344c8dfd40099aaf6b18" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35989", "reference_id": "CVE-2022-35989", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35989" }, { "reference_url": "https://github.com/advisories/GHSA-j43h-pgmg-5hjq", "reference_id": "GHSA-j43h-pgmg-5hjq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j43h-pgmg-5hjq" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j43h-pgmg-5hjq", "reference_id": "GHSA-j43h-pgmg-5hjq", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:09Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j43h-pgmg-5hjq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-35989", "GHSA-j43h-pgmg-5hjq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rasj-1k6m-1yce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/169366?format=api", "vulnerability_id": "VCID-ryrd-4pn5-4ugh", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, there is a potential for segfault / denial of service in TensorFlow by calling `tf.compat.v1.*` ops which don't yet have support for quantized types, which was added after migration to TensorFlow 2.x. In these scenarios, since the kernel is missing, a `nullptr` value is passed to `ParseDimensionValue` for the `py_value` argument. Then, this is dereferenced, resulting in segfault. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29205", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18525", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18682", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18705", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18688", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29205" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/237822b59fc504dda2c564787f5d3ad9c4aa62d9", "reference_id": "237822b59fc504dda2c564787f5d3ad9c4aa62d9", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/237822b59fc504dda2c564787f5d3ad9c4aa62d9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29205", "reference_id": "CVE-2022-29205", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29205" }, { "reference_url": "https://github.com/advisories/GHSA-54ch-gjq5-4976", "reference_id": "GHSA-54ch-gjq5-4976", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-54ch-gjq5-4976" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-54ch-gjq5-4976", "reference_id": "GHSA-54ch-gjq5-4976", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-54ch-gjq5-4976" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/eager/pywrap_tfe_src.cc#L296-L320", "reference_id": "pywrap_tfe_src.cc#L296-L320", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/eager/pywrap_tfe_src.cc#L296-L320" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/eager/pywrap_tfe_src.cc#L480-L482", "reference_id": "pywrap_tfe_src.cc#L480-L482", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/eager/pywrap_tfe_src.cc#L480-L482" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "v2.6.4", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "v2.7.2", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "v2.8.1", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "v2.9.0", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23910?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" } ], "aliases": [ "CVE-2022-29205", "GHSA-54ch-gjq5-4976" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ryrd-4pn5-4ugh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/172173?format=api", "vulnerability_id": "VCID-se4m-gfvh-sbds", "summary": "TensorFlow is an open source platform for machine learning. If `BCast::ToShape` is given input larger than an `int32`, it will crash, despite being supposed to handle up to an `int64`. An example can be seen in `tf.experimental.numpy.outer` by passing in large input to the input `b`. We have patched the issue in GitHub commit 8310bf8dd188ff780e7fc53245058215a05bdbe5. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41890", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34586", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34606", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34582", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34405", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41890" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/8310bf8dd188ff780e7fc53245058215a05bdbe5", "reference_id": "8310bf8dd188ff780e7fc53245058215a05bdbe5", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:20Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/8310bf8dd188ff780e7fc53245058215a05bdbe5" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/util/bcast.h", "reference_id": "bcast.h", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:20Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/util/bcast.h" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41890", "reference_id": "CVE-2022-41890", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41890" }, { "reference_url": "https://github.com/advisories/GHSA-h246-cgh4-7475", "reference_id": "GHSA-h246-cgh4-7475", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h246-cgh4-7475" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h246-cgh4-7475", "reference_id": "GHSA-h246-cgh4-7475", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:20Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h246-cgh4-7475" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27947?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/27948?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/27946?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1" } ], "aliases": [ "CVE-2022-41890", "GHSA-h246-cgh4-7475" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-se4m-gfvh-sbds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/172464?format=api", "vulnerability_id": "VCID-skd4-mkp3-ukef", "summary": "TensorFlow is an open source platform for machine learning. When the `BaseCandidateSamplerOp` function receives a value in `true_classes` larger than `range_max`, a heap oob read occurs. We have patched the issue in GitHub commit b389f5c944cadfdfe599b3f1e4026e036f30d2d4. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41880", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00179", "scoring_system": "epss", "scoring_elements": "0.39492", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00179", "scoring_system": "epss", "scoring_elements": "0.39503", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00179", "scoring_system": "epss", "scoring_elements": "0.39478", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00179", "scoring_system": "epss", "scoring_elements": "0.39308", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41880" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/b389f5c944cadfdfe599b3f1e4026e036f30d2d4", "reference_id": "b389f5c944cadfdfe599b3f1e4026e036f30d2d4", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:45Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/b389f5c944cadfdfe599b3f1e4026e036f30d2d4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/candidate_sampler_ops.cc", "reference_id": "candidate_sampler_ops.cc", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:45Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/candidate_sampler_ops.cc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41880", "reference_id": "CVE-2022-41880", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41880" }, { "reference_url": "https://github.com/advisories/GHSA-8w5g-3wcv-9g2j", "reference_id": "GHSA-8w5g-3wcv-9g2j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8w5g-3wcv-9g2j" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8w5g-3wcv-9g2j", "reference_id": "GHSA-8w5g-3wcv-9g2j", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:45Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8w5g-3wcv-9g2j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27947?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/27948?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/27946?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1" } ], "aliases": [ "CVE-2022-41880", "GHSA-8w5g-3wcv-9g2j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-skd4-mkp3-ukef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211371?format=api", "vulnerability_id": "VCID-swe6-wcg7-5bgw", "summary": "TensorFlow vulnerable to `CHECK` fail in `SetSize`", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35993", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20365", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20193", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20369", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20388", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35993" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/cf70b79d2662c0d3c6af74583641e345fc939467", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/cf70b79d2662c0d3c6af74583641e345fc939467" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35993", "reference_id": "CVE-2022-35993", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35993" }, { "reference_url": "https://github.com/advisories/GHSA-wq6q-6m32-9rv9", "reference_id": "GHSA-wq6q-6m32-9rv9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wq6q-6m32-9rv9" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wq6q-6m32-9rv9", "reference_id": "GHSA-wq6q-6m32-9rv9", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wq6q-6m32-9rv9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-35993", "GHSA-wq6q-6m32-9rv9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-swe6-wcg7-5bgw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167809?format=api", "vulnerability_id": "VCID-szqg-mqkc-eqa7", "summary": "TensorFlow is an open source platform for machine learning. In `core/kernels/list_kernels.cc's TensorListReserve`, `num_elements` is assumed to be a tensor of size 1. When a `num_elements` of more than 1 element is provided, then `tf.raw_ops.TensorListReserve` fails the `CHECK_EQ` in `CheckIsAlignedAndSingleElement`. We have patched the issue in GitHub commit b5f6fbfba76576202b72119897561e3bd4f179c7. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35960", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43492", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43501", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43481", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43324", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35960" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/b5f6fbfba76576202b72119897561e3bd4f179c7", "reference_id": "b5f6fbfba76576202b72119897561e3bd4f179c7", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:55Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/b5f6fbfba76576202b72119897561e3bd4f179c7" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35960", "reference_id": "CVE-2022-35960", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35960" }, { "reference_url": "https://github.com/advisories/GHSA-v5xg-3q2c-c2r4", "reference_id": "GHSA-v5xg-3q2c-c2r4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v5xg-3q2c-c2r4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v5xg-3q2c-c2r4", "reference_id": "GHSA-v5xg-3q2c-c2r4", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:55Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v5xg-3q2c-c2r4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/c8ba76d48567aed347508e0552a257641931024d/tensorflow/core/kernels/list_kernels.cc#L322-L325", "reference_id": "list_kernels.cc#L322-L325", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:55Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/c8ba76d48567aed347508e0552a257641931024d/tensorflow/core/kernels/list_kernels.cc#L322-L325" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-35960", "GHSA-v5xg-3q2c-c2r4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-szqg-mqkc-eqa7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/169253?format=api", "vulnerability_id": "VCID-t5p3-jcbx-hfg7", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.histogram_fixed_width` is vulnerable to a crash when the values array contain `Not a Number` (`NaN`) elements. The implementation assumes that all floating point operations are defined and then converts a floating point result to an integer index. If `values` contains `NaN` then the result of the division is still `NaN` and the cast to `int32` would result in a crash. This only occurs on the CPU implementation. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29211", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27377", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.2759", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27606", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.2758", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29211" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/issues/45770", "reference_id": "45770", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:24Z/" } ], "url": "https://github.com/tensorflow/tensorflow/issues/45770" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29211", "reference_id": "CVE-2022-29211", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29211" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/e57fd691c7b0fd00ea3bfe43444f30c1969748b5", "reference_id": "e57fd691c7b0fd00ea3bfe43444f30c1969748b5", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:24Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/e57fd691c7b0fd00ea3bfe43444f30c1969748b5" }, { "reference_url": "https://github.com/advisories/GHSA-xrp2-fhq4-4q3w", "reference_id": "GHSA-xrp2-fhq4-4q3w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xrp2-fhq4-4q3w" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xrp2-fhq4-4q3w", "reference_id": "GHSA-xrp2-fhq4-4q3w", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:24Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xrp2-fhq4-4q3w" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/histogram_op.cc", "reference_id": "histogram_op.cc", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:24Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/histogram_op.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/histogram_op.cc#L35-L74", "reference_id": "histogram_op.cc#L35-L74", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:24Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/histogram_op.cc#L35-L74" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "v2.6.4", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:24Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "v2.7.2", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:24Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "v2.8.1", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:24Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "v2.9.0", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:24Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23910?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" } ], "aliases": [ "CVE-2022-29211", "GHSA-xrp2-fhq4-4q3w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t5p3-jcbx-hfg7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/166941?format=api", "vulnerability_id": "VCID-t8ye-2bn9-qkg1", "summary": "TensorFlow is an open source platform for machine learning. When `DrawBoundingBoxes` receives an input `boxes` that is not of dtype `float`, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit da0d65cdc1270038e72157ba35bf74b85d9bda11. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36001", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33315", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33291", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33295", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33114", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36001" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36001", "reference_id": "CVE-2022-36001", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36001" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/da0d65cdc1270038e72157ba35bf74b85d9bda11", "reference_id": "da0d65cdc1270038e72157ba35bf74b85d9bda11", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:40Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/da0d65cdc1270038e72157ba35bf74b85d9bda11" }, { "reference_url": "https://github.com/advisories/GHSA-jqm7-m5q7-3hm5", "reference_id": "GHSA-jqm7-m5q7-3hm5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jqm7-m5q7-3hm5" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jqm7-m5q7-3hm5", "reference_id": "GHSA-jqm7-m5q7-3hm5", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:40Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jqm7-m5q7-3hm5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-36001", "GHSA-jqm7-m5q7-3hm5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t8ye-2bn9-qkg1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/172302?format=api", "vulnerability_id": "VCID-tn91-effk-ukcs", "summary": "TensorFlow is an open source platform for machine learning. If `SparseFillEmptyRowsGrad` is given empty inputs, TensorFlow will crash. We have patched the issue in GitHub commit af4a6a3c8b95022c351edae94560acc61253a1b8. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41898", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35838", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35854", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35831", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35651", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41898" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/af4a6a3c8b95022c351edae94560acc61253a1b8", "reference_id": "af4a6a3c8b95022c351edae94560acc61253a1b8", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:56Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/af4a6a3c8b95022c351edae94560acc61253a1b8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41898", "reference_id": "CVE-2022-41898", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41898" }, { "reference_url": "https://github.com/advisories/GHSA-hq7g-wwwp-q46h", "reference_id": "GHSA-hq7g-wwwp-q46h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hq7g-wwwp-q46h" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hq7g-wwwp-q46h", "reference_id": "GHSA-hq7g-wwwp-q46h", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:56Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hq7g-wwwp-q46h" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sparse_fill_empty_rows_op_gpu.cu.cc", "reference_id": "sparse_fill_empty_rows_op_gpu.cu.cc", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:56Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sparse_fill_empty_rows_op_gpu.cu.cc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27947?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/27948?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/27946?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1" } ], "aliases": [ "CVE-2022-41898", "GHSA-hq7g-wwwp-q46h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tn91-effk-ukcs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167593?format=api", "vulnerability_id": "VCID-tyjm-zqv9-gbft", "summary": "TensorFlow is an open source platform for machine learning. `DenseBincount` assumes its input tensor `weights` to either have the same shape as its input tensor `input` or to be length-0. A different `weights` shape will trigger a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bf4c14353c2328636a18bfad1e151052c81d5f43. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35987", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20388", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20365", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20369", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20193", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35987" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/bf4c14353c2328636a18bfad1e151052c81d5f43", "reference_id": "bf4c14353c2328636a18bfad1e151052c81d5f43", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:57Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/bf4c14353c2328636a18bfad1e151052c81d5f43" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35987", "reference_id": "CVE-2022-35987", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35987" }, { "reference_url": "https://github.com/advisories/GHSA-w62h-8xjm-fv49", "reference_id": "GHSA-w62h-8xjm-fv49", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w62h-8xjm-fv49" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-w62h-8xjm-fv49", "reference_id": "GHSA-w62h-8xjm-fv49", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:57Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-w62h-8xjm-fv49" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-35987", "GHSA-w62h-8xjm-fv49" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tyjm-zqv9-gbft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167596?format=api", "vulnerability_id": "VCID-udh3-v17y-63c4", "summary": "TensorFlow is an open source platform for machine learning. The implementation of `BlockLSTMGradV2` does not fully validate its inputs. This results in a a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 2a458fc4866505be27c62f81474ecb2b870498fa. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35964", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12827", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12808", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12817", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12726", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35964" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/2a458fc4866505be27c62f81474ecb2b870498fa", "reference_id": "2a458fc4866505be27c62f81474ecb2b870498fa", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/2a458fc4866505be27c62f81474ecb2b870498fa" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35964", "reference_id": "CVE-2022-35964", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35964" }, { "reference_url": "https://github.com/advisories/GHSA-f7r5-q7cx-h668", "reference_id": "GHSA-f7r5-q7cx-h668", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f7r5-q7cx-h668" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f7r5-q7cx-h668", "reference_id": "GHSA-f7r5-q7cx-h668", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f7r5-q7cx-h668" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-35964", "GHSA-f7r5-q7cx-h668" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-udh3-v17y-63c4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/172394?format=api", "vulnerability_id": "VCID-unkw-ckgc-yqgv", "summary": "TensorFlow is an open source platform for machine learning. If `FractionMaxPoolGrad` is given outsize inputs `row_pooling_sequence` and `col_pooling_sequence`, TensorFlow will crash. We have patched the issue in GitHub commit d71090c3e5ca325bdf4b02eb236cfb3ee823e927. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41897", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35488", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35504", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35482", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35303", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41897" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41897", "reference_id": "CVE-2022-41897", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41897" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/d71090c3e5ca325bdf4b02eb236cfb3ee823e927", "reference_id": "d71090c3e5ca325bdf4b02eb236cfb3ee823e927", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:01Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/d71090c3e5ca325bdf4b02eb236cfb3ee823e927" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/fractional_max_pool_op.cc", "reference_id": "fractional_max_pool_op.cc", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:01Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/fractional_max_pool_op.cc" }, { "reference_url": "https://github.com/advisories/GHSA-f2w8-jw48-fr7j", "reference_id": "GHSA-f2w8-jw48-fr7j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f2w8-jw48-fr7j" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f2w8-jw48-fr7j", "reference_id": "GHSA-f2w8-jw48-fr7j", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:01Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f2w8-jw48-fr7j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27947?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/27948?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/27946?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1" } ], "aliases": [ "CVE-2022-41897", "GHSA-f2w8-jw48-fr7j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-unkw-ckgc-yqgv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15228?format=api", "vulnerability_id": "VCID-v1bb-9jk5-9kfw", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25675", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42894", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.43062", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.43072", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.43053", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25675" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25675", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25675" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/8ae76cf085f4be26295d2ecf2081e759e04b8acf", "reference_id": "8ae76cf085f4be26295d2ecf2081e759e04b8acf", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:23:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/8ae76cf085f4be26295d2ecf2081e759e04b8acf" }, { "reference_url": "https://github.com/advisories/GHSA-7x4v-9gxg-9hwj", "reference_id": "GHSA-7x4v-9gxg-9hwj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7x4v-9gxg-9hwj" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7x4v-9gxg-9hwj", "reference_id": "GHSA-7x4v-9gxg-9hwj", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:23:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7x4v-9gxg-9hwj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380770?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3f8t-3shh-4yd3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1" } ], "aliases": [ "CVE-2023-25675", "GHSA-7x4v-9gxg-9hwj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v1bb-9jk5-9kfw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/169346?format=api", "vulnerability_id": "VCID-v2r1-wbmd-d7a1", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SparseTensorToCSRSparseMatrix` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `dense_shape` is a vector and `indices` is a matrix (as part of requirements for sparse tensors) but there is no validation for this. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29198", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17705", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17855", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.1788", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17864", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29198" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29198", "reference_id": "CVE-2022-29198", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29198" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/ea50a40e84f6bff15a0912728e35b657548cef11", "reference_id": "ea50a40e84f6bff15a0912728e35b657548cef11", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/ea50a40e84f6bff15a0912728e35b657548cef11" }, { "reference_url": "https://github.com/advisories/GHSA-mg66-qvc5-rm93", "reference_id": "GHSA-mg66-qvc5-rm93", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mg66-qvc5-rm93" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mg66-qvc5-rm93", "reference_id": "GHSA-mg66-qvc5-rm93", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mg66-qvc5-rm93" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/sparse/sparse_tensor_to_csr_sparse_matrix_op.cc#L65-L119", "reference_id": "sparse_tensor_to_csr_sparse_matrix_op.cc#L65-L119", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/sparse/sparse_tensor_to_csr_sparse_matrix_op.cc#L65-L119" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "v2.6.4", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "v2.7.2", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "v2.8.1", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "v2.9.0", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23910?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" } ], "aliases": [ "CVE-2022-29198", "GHSA-mg66-qvc5-rm93" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v2r1-wbmd-d7a1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15219?format=api", "vulnerability_id": "VCID-ve91-saat-hkeb", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25666", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17157", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17309", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17336", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1732", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25666" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25666", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25666" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/d0d4e779da0d0f56499c6fa5ba09f0a576cc6b14", "reference_id": "d0d4e779da0d0f56499c6fa5ba09f0a576cc6b14", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:40:27Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/d0d4e779da0d0f56499c6fa5ba09f0a576cc6b14" }, { "reference_url": "https://github.com/advisories/GHSA-f637-vh3r-vfh2", "reference_id": "GHSA-f637-vh3r-vfh2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f637-vh3r-vfh2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f637-vh3r-vfh2", "reference_id": "GHSA-f637-vh3r-vfh2", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:40:27Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f637-vh3r-vfh2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380770?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3f8t-3shh-4yd3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1" } ], "aliases": [ "CVE-2023-25666", "GHSA-f637-vh3r-vfh2" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ve91-saat-hkeb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/169424?format=api", "vulnerability_id": "VCID-vg3v-hjcr-uqc9", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.TensorSummaryV2` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29193", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15989", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.16106", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.16139", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.1613", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29193" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29193", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29193" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/290bb05c80c327ed74fae1d089f1001b1e2a4ef7", "reference_id": "290bb05c80c327ed74fae1d089f1001b1e2a4ef7", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/290bb05c80c327ed74fae1d089f1001b1e2a4ef7" }, { "reference_url": "https://github.com/advisories/GHSA-2p9q-h29j-3f5v", "reference_id": "GHSA-2p9q-h29j-3f5v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2p9q-h29j-3f5v" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2p9q-h29j-3f5v", "reference_id": "GHSA-2p9q-h29j-3f5v", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2p9q-h29j-3f5v" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/summary_tensor_op.cc#L33-L58", "reference_id": "summary_tensor_op.cc#L33-L58", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/summary_tensor_op.cc#L33-L58" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "v2.6.4", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "v2.7.2", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "v2.8.1", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "v2.9.0", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23910?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" } ], "aliases": [ "CVE-2022-29193", "GHSA-2p9q-h29j-3f5v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vg3v-hjcr-uqc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211357?format=api", "vulnerability_id": "VCID-vsep-b318-4ffr", "summary": "TensorFlow vulnerable to `CHECK` fail in `tf.random.gamma`", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36004", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33269", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33091", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33293", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33273", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36004" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/552bfced6ce4809db5f3ca305f60ff80dd40c5a3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/552bfced6ce4809db5f3ca305f60ff80dd40c5a3" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36004", "reference_id": "CVE-2022-36004", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36004" }, { "reference_url": "https://github.com/advisories/GHSA-mv8m-8x97-937q", "reference_id": "GHSA-mv8m-8x97-937q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mv8m-8x97-937q" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv8m-8x97-937q", "reference_id": "GHSA-mv8m-8x97-937q", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv8m-8x97-937q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-36004", "GHSA-mv8m-8x97-937q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vsep-b318-4ffr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/169326?format=api", "vulnerability_id": "VCID-vw5d-2grk-fufy", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.LSTMBlockCell` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code does not validate the ranks of any of the arguments to this API call. This results in `CHECK`-failures when the elements of the tensor are accessed. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29200", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17705", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17855", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.1788", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17864", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29200" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/803404044ae7a1efac48ba82d74111fce1ddb09a", "reference_id": "803404044ae7a1efac48ba82d74111fce1ddb09a", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/803404044ae7a1efac48ba82d74111fce1ddb09a" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29200", "reference_id": "CVE-2022-29200", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29200" }, { "reference_url": "https://github.com/advisories/GHSA-2vv3-56qg-g2cf", "reference_id": "GHSA-2vv3-56qg-g2cf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2vv3-56qg-g2cf" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2vv3-56qg-g2cf", "reference_id": "GHSA-2vv3-56qg-g2cf", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2vv3-56qg-g2cf" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/rnn/lstm_ops.cc", "reference_id": "lstm_ops.cc", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/rnn/lstm_ops.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "v2.6.4", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "v2.7.2", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "v2.8.1", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "v2.9.0", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23910?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" } ], "aliases": [ "CVE-2022-29200", "GHSA-2vv3-56qg-g2cf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vw5d-2grk-fufy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/169338?format=api", "vulnerability_id": "VCID-w4fy-epnu-5qhr", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.StagePeek` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `index` is a scalar but there is no validation for this before accessing its value. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29195", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17633", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17784", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17809", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17794", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29195" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/cebe3c45d76357d201c65bdbbf0dbe6e8a63bbdb", "reference_id": "cebe3c45d76357d201c65bdbbf0dbe6e8a63bbdb", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:10Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/cebe3c45d76357d201c65bdbbf0dbe6e8a63bbdb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29195", "reference_id": "CVE-2022-29195", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29195" }, { "reference_url": "https://github.com/advisories/GHSA-h48f-q7rw-hvr7", "reference_id": "GHSA-h48f-q7rw-hvr7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h48f-q7rw-hvr7" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h48f-q7rw-hvr7", "reference_id": "GHSA-h48f-q7rw-hvr7", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:10Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h48f-q7rw-hvr7" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/stage_op.cc#L26", "reference_id": "stage_op.cc#L26", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:10Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/stage_op.cc#L26" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "v2.6.4", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:10Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "v2.7.2", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:10Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "v2.8.1", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:10Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "v2.9.0", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:10Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23910?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" } ], "aliases": [ "CVE-2022-29195", "GHSA-h48f-q7rw-hvr7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w4fy-epnu-5qhr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167077?format=api", "vulnerability_id": "VCID-w66u-chbb-j3dr", "summary": "TensorFlow is an open source platform for machine learning. When converting transposed convolutions using per-channel weight quantization the converter segfaults and crashes the Python process. We have patched the issue in GitHub commit aa0b852a4588cea4d36b74feb05d93055540b450. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36027", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50602", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50616", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50598", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50464", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36027" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/issues/53767", "reference_id": "53767", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:44:16Z/" } ], "url": "https://github.com/tensorflow/tensorflow/issues/53767" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/aa0b852a4588cea4d36b74feb05d93055540b450", "reference_id": "aa0b852a4588cea4d36b74feb05d93055540b450", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:44:16Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/aa0b852a4588cea4d36b74feb05d93055540b450" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36027", "reference_id": "CVE-2022-36027", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36027" }, { "reference_url": "https://github.com/advisories/GHSA-79h2-q768-fpxr", "reference_id": "GHSA-79h2-q768-fpxr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-79h2-q768-fpxr" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-79h2-q768-fpxr", "reference_id": "GHSA-79h2-q768-fpxr", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:44:16Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-79h2-q768-fpxr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-36027", "GHSA-79h2-q768-fpxr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w66u-chbb-j3dr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/169397?format=api", "vulnerability_id": "VCID-w9te-1qez-xkbc", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SparseTensorDenseAdd` does not fully validate the input arguments. In this case, a reference gets bound to a `nullptr` during kernel execution. This is undefined behavior. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29206", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23119", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23305", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23327", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23314", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29206" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/11ced8467eccad9c7cb94867708be8fa5c66c730", "reference_id": "11ced8467eccad9c7cb94867708be8fa5c66c730", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:57Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/11ced8467eccad9c7cb94867708be8fa5c66c730" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29206", "reference_id": "CVE-2022-29206", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29206" }, { "reference_url": "https://github.com/advisories/GHSA-rc9w-5c64-9vqq", "reference_id": "GHSA-rc9w-5c64-9vqq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rc9w-5c64-9vqq" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rc9w-5c64-9vqq", "reference_id": "GHSA-rc9w-5c64-9vqq", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:57Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rc9w-5c64-9vqq" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/sparse_tensor_dense_add_op.cc", "reference_id": "sparse_tensor_dense_add_op.cc", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:57Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/sparse_tensor_dense_add_op.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "v2.6.4", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:57Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "v2.7.2", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:57Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "v2.8.1", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:57Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "v2.9.0", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:57Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23910?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" } ], "aliases": [ "CVE-2022-29206", "GHSA-rc9w-5c64-9vqq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w9te-1qez-xkbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211362?format=api", "vulnerability_id": "VCID-wbyv-qzpx-ebfk", "summary": "TensorFlow vulnerable to null dereference on MLIR on empty function attributes", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36011", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22842", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22655", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.2285", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22862", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36011" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/1cf45b831eeb0cab8655c9c7c5d06ec6f45fc41b", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/1cf45b831eeb0cab8655c9c7c5d06ec6f45fc41b" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36011", "reference_id": "CVE-2022-36011", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36011" }, { "reference_url": "https://github.com/advisories/GHSA-fv43-93gv-vm8f", "reference_id": "GHSA-fv43-93gv-vm8f", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fv43-93gv-vm8f" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fv43-93gv-vm8f", "reference_id": "GHSA-fv43-93gv-vm8f", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fv43-93gv-vm8f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-36011", "GHSA-fv43-93gv-vm8f" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wbyv-qzpx-ebfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/169301?format=api", "vulnerability_id": "VCID-wxuj-p9gb-hucm", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, certain TFLite models that were created using TFLite model converter would crash when loaded in the TFLite interpreter. The culprit is that during quantization the scale of values could be greater than 1 but code was always assuming sub-unit scaling. Thus, since code was calling `QuantizeMultiplierSmallerThanOneExp`, the `TFLITE_CHECK_LT` assertion would trigger and abort the process. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29212", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28258", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.2847", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28479", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28455", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29212" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/issues/43661", "reference_id": "43661", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:27Z/" } ], "url": "https://github.com/tensorflow/tensorflow/issues/43661" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/a989426ee1346693cc015792f11d715f6944f2b8", "reference_id": "a989426ee1346693cc015792f11d715f6944f2b8", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:27Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/a989426ee1346693cc015792f11d715f6944f2b8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29212", "reference_id": "CVE-2022-29212", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29212" }, { "reference_url": "https://github.com/advisories/GHSA-8wwm-6264-x792", "reference_id": "GHSA-8wwm-6264-x792", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8wwm-6264-x792" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8wwm-6264-x792", "reference_id": "GHSA-8wwm-6264-x792", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:27Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8wwm-6264-x792" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/lite/kernels/internal/quantization_util.cc#L114-L123", "reference_id": "quantization_util.cc#L114-L123", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:27Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/lite/kernels/internal/quantization_util.cc#L114-L123" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "v2.6.4", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:27Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "v2.7.2", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:27Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "v2.8.1", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:27Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "v2.9.0", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:27Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23910?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" } ], "aliases": [ "CVE-2022-29212", "GHSA-8wwm-6264-x792" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wxuj-p9gb-hucm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/172132?format=api", "vulnerability_id": "VCID-x2kn-8qsj-pbcs", "summary": "TensorFlow is an open source platform for machine learning. An input `encoded` that is not a valid `CompositeTensorVariant` tensor will trigger a segfault in `tf.raw_ops.CompositeTensorVariantToComponents`. We have patched the issue in GitHub commits bf594d08d377dc6a3354d9fdb494b32d45f91971 and 660ce5a89eb6766834bdc303d2ab3902aef99d3d. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41909", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60883", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60887", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60877", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60771", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41909" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/660ce5a89eb6766834bdc303d2ab3902aef99d3d", "reference_id": "660ce5a89eb6766834bdc303d2ab3902aef99d3d", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/660ce5a89eb6766834bdc303d2ab3902aef99d3d" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/bf594d08d377dc6a3354d9fdb494b32d45f91971", "reference_id": "bf594d08d377dc6a3354d9fdb494b32d45f91971", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/bf594d08d377dc6a3354d9fdb494b32d45f91971" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41909", "reference_id": "CVE-2022-41909", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41909" }, { "reference_url": "https://github.com/advisories/GHSA-rjx6-v474-2ch9", "reference_id": "GHSA-rjx6-v474-2ch9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rjx6-v474-2ch9" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rjx6-v474-2ch9", "reference_id": "GHSA-rjx6-v474-2ch9", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rjx6-v474-2ch9" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/lib/core/py_func.cc", "reference_id": "py_func.cc", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/lib/core/py_func.cc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27947?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/27948?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/27946?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1" } ], "aliases": [ "CVE-2022-41909", "GHSA-rjx6-v474-2ch9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x2kn-8qsj-pbcs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167569?format=api", "vulnerability_id": "VCID-x9d4-r747-pugg", "summary": "TensorFlow is an open source platform for machine learning. If `FakeQuantWithMinMaxVars` is given `min` or `max` tensors of a nonzero rank, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35971", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20369", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20365", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20388", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20193", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35971" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0", "reference_id": "785d67a78a1d533759fcd2f5e8d6ef778de849e0", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:30Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35971", "reference_id": "CVE-2022-35971", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35971" }, { "reference_url": "https://github.com/advisories/GHSA-9fpg-838v-wpv7", "reference_id": "GHSA-9fpg-838v-wpv7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9fpg-838v-wpv7" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9fpg-838v-wpv7", "reference_id": "GHSA-9fpg-838v-wpv7", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:30Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9fpg-838v-wpv7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-35971", "GHSA-9fpg-838v-wpv7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x9d4-r747-pugg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/172221?format=api", "vulnerability_id": "VCID-xcqn-waa9-bkc3", "summary": "TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ResizeNearestNeighborGrad` is given a large `size` input, it overflows. We have patched the issue in GitHub commit 00c821af032ba9e5f5fa3fe14690c8d28a657624. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41907", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35324", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35345", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35321", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35143", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41907" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/00c821af032ba9e5f5fa3fe14690c8d28a657624", "reference_id": "00c821af032ba9e5f5fa3fe14690c8d28a657624", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:43Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/00c821af032ba9e5f5fa3fe14690c8d28a657624" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41907", "reference_id": "CVE-2022-41907", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41907" }, { "reference_url": "https://github.com/advisories/GHSA-368v-7v32-52fx", "reference_id": "GHSA-368v-7v32-52fx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-368v-7v32-52fx" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-368v-7v32-52fx", "reference_id": "GHSA-368v-7v32-52fx", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:43Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-368v-7v32-52fx" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/resize_nearest_neighbor_op.cc", "reference_id": "resize_nearest_neighbor_op.cc", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:43Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/resize_nearest_neighbor_op.cc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27947?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/27948?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/27946?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1" } ], "aliases": [ "CVE-2022-41907", "GHSA-368v-7v32-52fx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xcqn-waa9-bkc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167816?format=api", "vulnerability_id": "VCID-xcqv-4f46-zuhf", "summary": "TensorFlow is an open source platform for machine learning. The implementation of SobolSampleOp is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by assuming `input(0)`, `input(1)`, and `input(2)` to be scalar. This issue has been patched in GitHub commit c65c67f88ad770662e8f191269a907bf2b94b1bf. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35935", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26293", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26277", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.2628", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.2608", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35935" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/c65c67f88ad770662e8f191269a907bf2b94b1bf", "reference_id": "c65c67f88ad770662e8f191269a907bf2b94b1bf", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:14Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/c65c67f88ad770662e8f191269a907bf2b94b1bf" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35935", "reference_id": "CVE-2022-35935", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35935" }, { "reference_url": "https://github.com/advisories/GHSA-97p7-w86h-vcf9", "reference_id": "GHSA-97p7-w86h-vcf9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-97p7-w86h-vcf9" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-97p7-w86h-vcf9", "reference_id": "GHSA-97p7-w86h-vcf9", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:14Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-97p7-w86h-vcf9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-35935", "GHSA-97p7-w86h-vcf9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xcqv-4f46-zuhf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15229?format=api", "vulnerability_id": "VCID-xcst-tzxn-zfhm", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25676", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47322", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.4746", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47479", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47463", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25676" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25676", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25676" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/da66bc6d5ff466aee084f9e7397980a24890cd15", "reference_id": "da66bc6d5ff466aee084f9e7397980a24890cd15", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:43:05Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/da66bc6d5ff466aee084f9e7397980a24890cd15" }, { "reference_url": "https://github.com/advisories/GHSA-6wfh-89q8-44jq", "reference_id": "GHSA-6wfh-89q8-44jq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6wfh-89q8-44jq" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6wfh-89q8-44jq", "reference_id": "GHSA-6wfh-89q8-44jq", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:43:05Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6wfh-89q8-44jq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380770?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3f8t-3shh-4yd3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1" } ], "aliases": [ "CVE-2023-25676", "GHSA-6wfh-89q8-44jq" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xcst-tzxn-zfhm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/172494?format=api", "vulnerability_id": "VCID-xdz6-dgwj-sbgz", "summary": "TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListResize` is given a nonscalar value for input `size`, it results `CHECK` fail which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 888e34b49009a4e734c27ab0c43b0b5102682c56. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41893", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41468", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41478", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41459", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41293", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41893" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/888e34b49009a4e734c27ab0c43b0b5102682c56", "reference_id": "888e34b49009a4e734c27ab0c43b0b5102682c56", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:13Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/888e34b49009a4e734c27ab0c43b0b5102682c56" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41893", "reference_id": "CVE-2022-41893", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41893" }, { "reference_url": "https://github.com/advisories/GHSA-67pf-62xr-q35m", "reference_id": "GHSA-67pf-62xr-q35m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-67pf-62xr-q35m" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-67pf-62xr-q35m", "reference_id": "GHSA-67pf-62xr-q35m", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:13Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-67pf-62xr-q35m" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/list_kernels.cc", "reference_id": "list_kernels.cc", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:13Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/list_kernels.cc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27947?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/27948?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/27946?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1" } ], "aliases": [ "CVE-2022-41893", "GHSA-67pf-62xr-q35m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xdz6-dgwj-sbgz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/169250?format=api", "vulnerability_id": "VCID-xnxz-krts-vufk", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid. In graph mode, it would have been impossible to perform these API calls, but migration to TF 2.x eager mode opened up this vulnerability. If the resource handle is empty, then a reference is bound to a null pointer inside TensorFlow codebase (various codepaths). This is undefined behavior. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29207", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17893", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.18044", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.18069", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.18052", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29207" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/a5b89cd68c02329d793356bda85d079e9e69b4e7", "reference_id": "a5b89cd68c02329d793356bda85d079e9e69b4e7", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/a5b89cd68c02329d793356bda85d079e9e69b4e7" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29207", "reference_id": "CVE-2022-29207", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29207" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/dbdd98c37bc25249e8f288bd30d01e118a7b4498", "reference_id": "dbdd98c37bc25249e8f288bd30d01e118a7b4498", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/dbdd98c37bc25249e8f288bd30d01e118a7b4498" }, { "reference_url": "https://github.com/advisories/GHSA-5wpj-c6f7-24x8", "reference_id": "GHSA-5wpj-c6f7-24x8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5wpj-c6f7-24x8" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5wpj-c6f7-24x8", "reference_id": "GHSA-5wpj-c6f7-24x8", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5wpj-c6f7-24x8" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "v2.6.4", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "v2.7.2", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "v2.8.1", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "v2.9.0", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23910?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" } ], "aliases": [ "CVE-2022-29207", "GHSA-5wpj-c6f7-24x8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xnxz-krts-vufk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/129463?format=api", "vulnerability_id": "VCID-xvbp-vvex-wqhd", "summary": "TensorFlow is an Open Source Machine Learning Framework. In versions prior to 2.11.1 a malicious invalid input crashes a tensorflow model (Check Failed) and can be used to trigger a denial of service attack. A proof of concept can be constructed with the `Convolution3DTranspose` function. This Convolution3DTranspose layer is a very common API in modern neural networks. The ML models containing such vulnerable components could be deployed in ML applications or as cloud services. This failure could be potentially used to trigger a denial of service attack on ML cloud services. An attacker must have privilege to provide input to a `Convolution3DTranspose` call. This issue has been patched and users are advised to upgrade to version 2.11.1. There are no known workarounds for this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25661", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.37292", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.37307", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.37282", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.37103", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25661" }, { "reference_url": "https://github.com/keras-team/keras/commit/85db5d07db54b853484bfd358c3894d948c36baf", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keras-team/keras/commit/85db5d07db54b853484bfd358c3894d948c36baf" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25661", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25661" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/948fe6369a5711d4b4568ea9bbf6015c6dfb77e2", "reference_id": "948fe6369a5711d4b4568ea9bbf6015c6dfb77e2", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T15:25:34Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/948fe6369a5711d4b4568ea9bbf6015c6dfb77e2" }, { "reference_url": "https://github.com/advisories/GHSA-fxgc-95xx-grvq", "reference_id": "GHSA-fxgc-95xx-grvq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fxgc-95xx-grvq" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fxgc-95xx-grvq", "reference_id": "GHSA-fxgc-95xx-grvq", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T15:25:34Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fxgc-95xx-grvq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380770?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3f8t-3shh-4yd3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1" } ], "aliases": [ "CVE-2023-25661", "GHSA-fxgc-95xx-grvq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xvbp-vvex-wqhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/166988?format=api", "vulnerability_id": "VCID-y2yd-5v7s-gqeg", "summary": "TensorFlow is an open source platform for machine learning. If `RaggedTensorToVariant` is given a `rt_nested_splits` list that contains tensors of ranks other than one, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 88f93dfe691563baa4ae1e80ccde2d5c7a143821. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36018", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33315", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33291", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33295", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33114", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36018" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/88f93dfe691563baa4ae1e80ccde2d5c7a143821", "reference_id": "88f93dfe691563baa4ae1e80ccde2d5c7a143821", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/88f93dfe691563baa4ae1e80ccde2d5c7a143821" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36018", "reference_id": "CVE-2022-36018", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36018" }, { "reference_url": "https://github.com/advisories/GHSA-m6cv-4fmf-66xf", "reference_id": "GHSA-m6cv-4fmf-66xf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m6cv-4fmf-66xf" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m6cv-4fmf-66xf", "reference_id": "GHSA-m6cv-4fmf-66xf", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m6cv-4fmf-66xf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-36018", "GHSA-m6cv-4fmf-66xf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y2yd-5v7s-gqeg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/172522?format=api", "vulnerability_id": "VCID-yj7a-18fe-myhb", "summary": "TensorFlow is an open source platform for machine learning. `tf.keras.losses.poisson` receives a `y_pred` and `y_true` that are passed through `functor::mul` in `BinaryOp`. If the resulting dimensions overflow an `int32`, TensorFlow will crash due to a size mismatch during broadcast assignment. We have patched the issue in GitHub commit c5b30379ba87cbe774b08ac50c1f6d36df4ebb7c. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1 and 2.9.3, as these are also affected and still in supported range. However, we will not cherrypick this commit into TensorFlow 2.8.x, as it depends on Eigen behavior that changed between 2.8 and 2.9.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41887", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36728", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36739", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36714", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36535", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41887" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/c5b30379ba87cbe774b08ac50c1f6d36df4ebb7c", "reference_id": "c5b30379ba87cbe774b08ac50c1f6d36df4ebb7c", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:29Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/c5b30379ba87cbe774b08ac50c1f6d36df4ebb7c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41887", "reference_id": "CVE-2022-41887", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41887" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/cwise_ops_common.h", "reference_id": "cwise_ops_common.h", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:29Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/cwise_ops_common.h" }, { "reference_url": "https://github.com/advisories/GHSA-8fvv-46hw-vpg3", "reference_id": "GHSA-8fvv-46hw-vpg3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8fvv-46hw-vpg3" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8fvv-46hw-vpg3", "reference_id": "GHSA-8fvv-46hw-vpg3", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:29Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8fvv-46hw-vpg3" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/keras/losses.py", "reference_id": "losses.py", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:29Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/keras/losses.py" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27948?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/27946?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1" } ], "aliases": [ "CVE-2022-41887", "GHSA-8fvv-46hw-vpg3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yj7a-18fe-myhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/172170?format=api", "vulnerability_id": "VCID-yjzz-juse-wydc", "summary": "TensorFlow is an open source platform for machine learning. Inputs `dense_features` or `example_state_data` not of rank 2 will trigger a `CHECK` fail in `SdcaOptimizer`. We have patched the issue in GitHub commit 80ff197d03db2a70c6a111f97dcdacad1b0babfa. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41899", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35838", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35854", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35831", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35651", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41899" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/80ff197d03db2a70c6a111f97dcdacad1b0babfa", "reference_id": "80ff197d03db2a70c6a111f97dcdacad1b0babfa", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/80ff197d03db2a70c6a111f97dcdacad1b0babfa" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41899", "reference_id": "CVE-2022-41899", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41899" }, { "reference_url": "https://github.com/advisories/GHSA-27rc-728f-x5w2", "reference_id": "GHSA-27rc-728f-x5w2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-27rc-728f-x5w2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-27rc-728f-x5w2", "reference_id": "GHSA-27rc-728f-x5w2", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-27rc-728f-x5w2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sdca_internal.cc", "reference_id": "sdca_internal.cc", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sdca_internal.cc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27947?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/27948?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/27946?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1" } ], "aliases": [ "CVE-2022-41899", "GHSA-27rc-728f-x5w2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yjzz-juse-wydc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211372?format=api", "vulnerability_id": "VCID-yxby-zjey-suga", "summary": "TensorFlow vulnerable to `CHECK` fail in `TensorListFromTensor`", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35992", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20365", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20193", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20369", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20388", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35992" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/3db59a042a38f4338aa207922fa2f476e000a6ee", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/3db59a042a38f4338aa207922fa2f476e000a6ee" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35992", "reference_id": "CVE-2022-35992", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35992" }, { "reference_url": "https://github.com/advisories/GHSA-9v8w-xmr4-wgxp", "reference_id": "GHSA-9v8w-xmr4-wgxp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9v8w-xmr4-wgxp" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9v8w-xmr4-wgxp", "reference_id": "GHSA-9v8w-xmr4-wgxp", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9v8w-xmr4-wgxp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-35992", "GHSA-9v8w-xmr4-wgxp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yxby-zjey-suga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211355?format=api", "vulnerability_id": "VCID-z8s1-q6s7-13ev", "summary": "TensorFlow vulnerable to assertion fail on MLIR empty edge names", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36012", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.41038", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40849", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.41016", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.41026", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36012" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ir/importexport/functiondef_import.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ir/importexport/functiondef_import.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/ad069af92392efee1418c48ff561fd3070a03d7b", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/ad069af92392efee1418c48ff561fd3070a03d7b" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36012", "reference_id": "CVE-2022-36012", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36012" }, { "reference_url": "https://github.com/advisories/GHSA-jvhc-5hhr-w3v5", "reference_id": "GHSA-jvhc-5hhr-w3v5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jvhc-5hhr-w3v5" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jvhc-5hhr-w3v5", "reference_id": "GHSA-jvhc-5hhr-w3v5", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jvhc-5hhr-w3v5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-36012", "GHSA-jvhc-5hhr-w3v5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z8s1-q6s7-13ev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/172187?format=api", "vulnerability_id": "VCID-zbsj-e2vm-rfbe", "summary": "TensorFlow is an open source platform for machine learning. When `tf.raw_ops.FusedResizeAndPadConv2D` is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41885", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37834", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37847", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37821", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37643", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41885" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/conv_ops_fused_image_transform.cc", "reference_id": "conv_ops_fused_image_transform.cc", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:36Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/conv_ops_fused_image_transform.cc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41885", "reference_id": "CVE-2022-41885", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41885" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/d66e1d568275e6a2947de97dca7a102a211e01ce", "reference_id": "d66e1d568275e6a2947de97dca7a102a211e01ce", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:36Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/d66e1d568275e6a2947de97dca7a102a211e01ce" }, { "reference_url": "https://github.com/advisories/GHSA-762h-vpvw-3rcx", "reference_id": "GHSA-762h-vpvw-3rcx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-762h-vpvw-3rcx" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-762h-vpvw-3rcx", "reference_id": "GHSA-762h-vpvw-3rcx", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:36Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-762h-vpvw-3rcx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27956?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26508?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.1" } ], "aliases": [ "CVE-2022-41885", "GHSA-762h-vpvw-3rcx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zbsj-e2vm-rfbe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211521?format=api", "vulnerability_id": "VCID-zg4x-t8ft-x3fh", "summary": "`MirrorPadGrad` heap out of bounds read", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41895", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35303", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35488", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35482", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35504", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41895" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/717ca98d8c3bba348ff62281fdf38dcb5ea1ec92", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/717ca98d8c3bba348ff62281fdf38dcb5ea1ec92" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41895", "reference_id": "CVE-2022-41895", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41895" }, { "reference_url": "https://github.com/advisories/GHSA-gq2j-cr96-gvqx", "reference_id": "GHSA-gq2j-cr96-gvqx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gq2j-cr96-gvqx" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gq2j-cr96-gvqx", "reference_id": "GHSA-gq2j-cr96-gvqx", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gq2j-cr96-gvqx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27947?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/27948?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/27946?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1" } ], "aliases": [ "CVE-2022-41895", "GHSA-gq2j-cr96-gvqx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zg4x-t8ft-x3fh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/169408?format=api", "vulnerability_id": "VCID-zhts-sben-buf6", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.GetSessionTensor` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29191", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34237", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34419", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.3444", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34415", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29191" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/48305e8ffe5246d67570b64096a96f8e315a7281", "reference_id": "48305e8ffe5246d67570b64096a96f8e315a7281", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:43Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/48305e8ffe5246d67570b64096a96f8e315a7281" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29191", "reference_id": "CVE-2022-29191", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29191" }, { "reference_url": "https://github.com/advisories/GHSA-fv25-wrff-wf86", "reference_id": "GHSA-fv25-wrff-wf86", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fv25-wrff-wf86" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fv25-wrff-wf86", "reference_id": "GHSA-fv25-wrff-wf86", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:43Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fv25-wrff-wf86" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/session_ops.cc#L94-L112", "reference_id": "session_ops.cc#L94-L112", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:43Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/session_ops.cc#L94-L112" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "v2.6.4", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:43Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "v2.7.2", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:43Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "v2.8.1", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:43Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "v2.9.0", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:43Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23910?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/23917?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23914?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.1" } ], "aliases": [ "CVE-2022-29191", "GHSA-fv25-wrff-wf86" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zhts-sben-buf6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15224?format=api", "vulnerability_id": "VCID-zpcr-vst7-v3e6", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25671", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.55286", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.5541", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.55424", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.55408", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25671" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25671", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25671" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/2eedc8f676d2c3b8be9492e547b2bc814c10b367", "reference_id": "2eedc8f676d2c3b8be9492e547b2bc814c10b367", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:42:11Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/2eedc8f676d2c3b8be9492e547b2bc814c10b367" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/760322a71ac9033e122ef1f4b1c62813021e5938", "reference_id": "760322a71ac9033e122ef1f4b1c62813021e5938", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:42:11Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/760322a71ac9033e122ef1f4b1c62813021e5938" }, { "reference_url": "https://github.com/advisories/GHSA-j5w9-hmfh-4cr6", "reference_id": "GHSA-j5w9-hmfh-4cr6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j5w9-hmfh-4cr6" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j5w9-hmfh-4cr6", "reference_id": "GHSA-j5w9-hmfh-4cr6", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:42:11Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j5w9-hmfh-4cr6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380770?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3f8t-3shh-4yd3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1" } ], "aliases": [ "CVE-2023-25671", "GHSA-j5w9-hmfh-4cr6" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zpcr-vst7-v3e6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15213?format=api", "vulnerability_id": "VCID-zpxn-zz7d-k7d5", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25659", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42576", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42746", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42756", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42737", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25659" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25659", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25659" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/ee004b18b976eeb5a758020af8880236cd707d05", "reference_id": "ee004b18b976eeb5a758020af8880236cd707d05", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:34:25Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/ee004b18b976eeb5a758020af8880236cd707d05" }, { "reference_url": "https://github.com/advisories/GHSA-93vr-9q9m-pj8p", "reference_id": "GHSA-93vr-9q9m-pj8p", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-93vr-9q9m-pj8p" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-93vr-9q9m-pj8p", "reference_id": "GHSA-93vr-9q9m-pj8p", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:34:25Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-93vr-9q9m-pj8p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380770?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3f8t-3shh-4yd3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1" } ], "aliases": [ "CVE-2023-25659", "GHSA-93vr-9q9m-pj8p" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zpxn-zz7d-k7d5" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/169661?format=api", "vulnerability_id": "VCID-17uj-mjk3-fqhn", "summary": "Tensorflow is an Open Source Machine Learning Framework. The estimator for the cost of some convolution operations can be made to execute a division by 0. The function fails to check that the stride argument is strictly positive. Hence, the fix is to add a check for the stride argument to ensure it is valid. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21725", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44864", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44866", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44713", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44879", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21725" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-49.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-49.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-104.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-104.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/3218043d6d3a019756607643cf65574fbfef5d7a", "reference_id": "3218043d6d3a019756607643cf65574fbfef5d7a", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:17Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/3218043d6d3a019756607643cf65574fbfef5d7a" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21725", "reference_id": "CVE-2022-21725", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21725" }, { "reference_url": "https://github.com/advisories/GHSA-v3f7-j968-4h5f", "reference_id": "GHSA-v3f7-j968-4h5f", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v3f7-j968-4h5f" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v3f7-j968-4h5f", "reference_id": "GHSA-v3f7-j968-4h5f", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:17Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v3f7-j968-4h5f" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/ffa202a17ab7a4a10182b746d230ea66f021fe16/tensorflow/core/grappler/costs/op_level_cost_estimator.cc#L189-L198", "reference_id": "op_level_cost_estimator.cc#L189-L198", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:17Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/ffa202a17ab7a4a10182b746d230ea66f021fe16/tensorflow/core/grappler/costs/op_level_cost_estimator.cc#L189-L198" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-21725", "CVE-2022-21725", "GHSA-v3f7-j968-4h5f", "PYSEC-2022-104", "PYSEC-2022-49" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-17uj-mjk3-fqhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/169492?format=api", "vulnerability_id": "VCID-1sdp-cxkx-abg5", "summary": "Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulnerable to an integer overflow weakness. The `axis` argument can be `-1` (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not checked, and, since the code computes `axis + 1`, an attacker can trigger an integer overflow. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21727", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.55356", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.55359", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.55234", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.55372", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21727" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-51.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-51.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-106.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-106.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/ops/array_ops.cc#L3001-L3034", "reference_id": "array_ops.cc#L3001-L3034", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:29Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/ops/array_ops.cc#L3001-L3034" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/b64638ec5ccaa77b7c1eb90958e3d85ce381f91b", "reference_id": "b64638ec5ccaa77b7c1eb90958e3d85ce381f91b", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:29Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/b64638ec5ccaa77b7c1eb90958e3d85ce381f91b" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21727", "reference_id": "CVE-2022-21727", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21727" }, { "reference_url": "https://github.com/advisories/GHSA-c6fh-56w7-fvjw", "reference_id": "GHSA-c6fh-56w7-fvjw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c6fh-56w7-fvjw" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c6fh-56w7-fvjw", "reference_id": "GHSA-c6fh-56w7-fvjw", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:29Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c6fh-56w7-fvjw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-21727", "CVE-2022-21727", "GHSA-c6fh-56w7-fvjw", "PYSEC-2022-106", "PYSEC-2022-51" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1sdp-cxkx-abg5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/169711?format=api", "vulnerability_id": "VCID-1yw4-xsun-abdm", "summary": "Tensorflow is an Open Source Machine Learning Framework. The implementation of `FractionalMaxPool` can be made to crash a TensorFlow process via a division by 0. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21735", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44864", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44866", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44713", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44879", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21735" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-59.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-59.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-114.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-114.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/ba4e8ac4dc2991e350d5cc407f8598c8d4ee70fb", "reference_id": "ba4e8ac4dc2991e350d5cc407f8598c8d4ee70fb", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:14Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/ba4e8ac4dc2991e350d5cc407f8598c8d4ee70fb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21735", "reference_id": "CVE-2022-21735", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21735" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/fractional_max_pool_op.cc#L36-L192", "reference_id": "fractional_max_pool_op.cc#L36-L192", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:14Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/fractional_max_pool_op.cc#L36-L192" }, { "reference_url": "https://github.com/advisories/GHSA-87v6-crgm-2gfj", "reference_id": "GHSA-87v6-crgm-2gfj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-87v6-crgm-2gfj" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-87v6-crgm-2gfj", "reference_id": "GHSA-87v6-crgm-2gfj", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:14Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-87v6-crgm-2gfj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-21735", "CVE-2022-21735", "GHSA-87v6-crgm-2gfj", "PYSEC-2022-114", "PYSEC-2022-59" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1yw4-xsun-abdm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/169677?format=api", "vulnerability_id": "VCID-22hh-kzkv-2fcm", "summary": "Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseTensorSliceDataset` has an undefined behavior: under certain condition it can be made to dereference a `nullptr` value. The 3 input arguments to `SparseTensorSliceDataset` represent a sparse tensor. However, there are some preconditions that these arguments must satisfy but these are not validated in the implementation. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21736", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56528", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56517", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56395", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56513", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21736" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-60.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-60.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-115.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-115.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/965b97e4a9650495cda5a8c210ef6684b4b9eceb", "reference_id": "965b97e4a9650495cda5a8c210ef6684b4b9eceb", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:19Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/965b97e4a9650495cda5a8c210ef6684b4b9eceb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21736", "reference_id": "CVE-2022-21736", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21736" }, { "reference_url": "https://github.com/advisories/GHSA-pfjj-m3jj-9jc9", "reference_id": "GHSA-pfjj-m3jj-9jc9", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pfjj-m3jj-9jc9" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pfjj-m3jj-9jc9", "reference_id": "GHSA-pfjj-m3jj-9jc9", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:19Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pfjj-m3jj-9jc9" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/data/sparse_tensor_slice_dataset_op.cc#L227-L292", "reference_id": "sparse_tensor_slice_dataset_op.cc#L227-L292", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:19Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/data/sparse_tensor_slice_dataset_op.cc#L227-L292" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-21736", "CVE-2022-21736", "GHSA-pfjj-m3jj-9jc9", "PYSEC-2022-115", "PYSEC-2022-60" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-22hh-kzkv-2fcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163887?format=api", "vulnerability_id": "VCID-2qg7-53ce-rygk", "summary": "Tensorflow is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling `png::CommonInitDecode(..., &decode)`, the `decode` value contains allocated buffers which can only be freed by calling `png::CommonFreeDecode(&decode)`. However, several error case in the function implementation invoke the `OP_REQUIRES` macro which immediately terminates the execution of the function, without allowing for the memory free to occur. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23585", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.71583", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.71581", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.7157", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.71484", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23585" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-94.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-94.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-149.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-149.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/ab51e5b813573dc9f51efa335aebcf2994125ee9", "reference_id": "ab51e5b813573dc9f51efa335aebcf2994125ee9", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:17Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/ab51e5b813573dc9f51efa335aebcf2994125ee9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23585", "reference_id": "CVE-2022-23585", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23585" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/kernels/image/decode_image_op.cc#L322-L416", "reference_id": "decode_image_op.cc#L322-L416", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:17Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/kernels/image/decode_image_op.cc#L322-L416" }, { "reference_url": "https://github.com/advisories/GHSA-fq6p-6334-8gr4", "reference_id": "GHSA-fq6p-6334-8gr4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fq6p-6334-8gr4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fq6p-6334-8gr4", "reference_id": "GHSA-fq6p-6334-8gr4", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:17Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fq6p-6334-8gr4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23585", "CVE-2022-23585", "GHSA-fq6p-6334-8gr4", "PYSEC-2022-149", "PYSEC-2022-94" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2qg7-53ce-rygk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207685?format=api", "vulnerability_id": "VCID-2x92-zmtp-byfc", "summary": "`CHECK`-failures during Grappler's `IsSimplifiableReshape` in Tensorflow", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23581", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00476", "scoring_system": "epss", "scoring_elements": "0.65431", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00476", "scoring_system": "epss", "scoring_elements": "0.65319", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00476", "scoring_system": "epss", "scoring_elements": "0.6542", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00476", "scoring_system": "epss", "scoring_elements": "0.65429", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23581" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-90.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-90.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-145.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-145.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc#L1687-L1742", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc#L1687-L1742" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/1fb27733f943295d874417630edd3b38b34ce082", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/1fb27733f943295d874417630edd3b38b34ce082" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/240655511cd3e701155f944a972db71b6c0b1bb6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/240655511cd3e701155f944a972db71b6c0b1bb6" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/ebc1a2ffe5a7573d905e99bd0ee3568ee07c12c1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/ebc1a2ffe5a7573d905e99bd0ee3568ee07c12c1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23581", "reference_id": "CVE-2022-23581", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23581" }, { "reference_url": "https://github.com/advisories/GHSA-fq86-3f29-px2c", "reference_id": "GHSA-fq86-3f29-px2c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fq86-3f29-px2c" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fq86-3f29-px2c", "reference_id": "GHSA-fq86-3f29-px2c", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fq86-3f29-px2c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23581", "CVE-2022-23581", "GHSA-fq86-3f29-px2c", "PYSEC-2022-145", "PYSEC-2022-90" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2x92-zmtp-byfc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163838?format=api", "vulnerability_id": "VCID-39bq-c6m1-2yfu", "summary": "Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that assertions in `function.cc` would be falsified and crash the Python interpreter. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23586", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.54183", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.5417", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.54166", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.5404", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23586" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-95.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-95.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-150.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-150.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/3d89911481ba6ebe8c88c1c0b595412121e6c645", "reference_id": "3d89911481ba6ebe8c88c1c0b595412121e6c645", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:57Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/3d89911481ba6ebe8c88c1c0b595412121e6c645" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23586", "reference_id": "CVE-2022-23586", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23586" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/dcc21c7bc972b10b6fb95c2fb0f4ab5a59680ec2", "reference_id": "dcc21c7bc972b10b6fb95c2fb0f4ab5a59680ec2", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:57Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/dcc21c7bc972b10b6fb95c2fb0f4ab5a59680ec2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/function.cc", "reference_id": "function.cc", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:57Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/function.cc" }, { "reference_url": "https://github.com/advisories/GHSA-43jf-985q-588j", "reference_id": "GHSA-43jf-985q-588j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-43jf-985q-588j" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-43jf-985q-588j", "reference_id": "GHSA-43jf-985q-588j", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:57Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-43jf-985q-588j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23586", "CVE-2022-23586", "GHSA-43jf-985q-588j", "PYSEC-2022-150", "PYSEC-2022-95" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-39bq-c6m1-2yfu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163830?format=api", "vulnerability_id": "VCID-3tj8-awq2-3faa", "summary": "Tensorflow is an Open Source Machine Learning Framework. Multiple operations in TensorFlow can be used to trigger a denial of service via `CHECK`-fails (i.e., assertion failures). This is similar to TFSA-2021-198 and has similar fixes. We have patched the reported issues in multiple GitHub commits. It is possible that other similar instances exist in TensorFlow, we will issue fixes as these are discovered. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23569", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30412", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30418", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.3043", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30216", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23569" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-78.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-78.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-133.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-133.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23569", "reference_id": "CVE-2022-23569", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23569" }, { "reference_url": "https://github.com/advisories/GHSA-qj5r-f9mv-rffh", "reference_id": "GHSA-qj5r-f9mv-rffh", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qj5r-f9mv-rffh" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qj5r-f9mv-rffh", "reference_id": "GHSA-qj5r-f9mv-rffh", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:46:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qj5r-f9mv-rffh" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md", "reference_id": "tfsa-2021-198.md", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:46:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23569", "CVE-2022-23569", "GHSA-qj5r-f9mv-rffh", "PYSEC-2022-133", "PYSEC-2022-78" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3tj8-awq2-3faa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207901?format=api", "vulnerability_id": "VCID-3wda-9b3m-mbew", "summary": "Integer Overflow or Wraparound in TensorFlow", "references": [ { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/be7b286d40bc68cb0b56f702186cc4837d508058", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/be7b286d40bc68cb0b56f702186cc4837d508058" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-prcg-wp5q-rv7p", "reference_id": "GHSA-prcg-wp5q-rv7p", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-prcg-wp5q-rv7p" }, { "reference_url": "https://github.com/advisories/GHSA-wcv5-vrvr-3rx2", "reference_id": "GHSA-wcv5-vrvr-3rx2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wcv5-vrvr-3rx2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wcv5-vrvr-3rx2", "reference_id": "GHSA-wcv5-vrvr-3rx2", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wcv5-vrvr-3rx2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "GHSA-wcv5-vrvr-3rx2", "GMS-2022-50", "GMS-2022-53", "GMS-2022-56" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3wda-9b3m-mbew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207935?format=api", "vulnerability_id": "VCID-5wgg-du91-kbgy", "summary": "Heap overflow in Tensorflow", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21740", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.55027", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54889", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.55011", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21740" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-64.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-64.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-119.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-119.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/2b7100d6cdff36aa21010a82269bc05a6d1cc74a", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/2b7100d6cdff36aa21010a82269bc05a6d1cc74a" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/adbbabdb0d3abb3cdeac69e38a96de1d678b24b3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/adbbabdb0d3abb3cdeac69e38a96de1d678b24b3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21740", "reference_id": "CVE-2022-21740", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21740" }, { "reference_url": "https://github.com/advisories/GHSA-44qp-9wwf-734r", "reference_id": "GHSA-44qp-9wwf-734r", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-44qp-9wwf-734r" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-44qp-9wwf-734r", "reference_id": "GHSA-44qp-9wwf-734r", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-44qp-9wwf-734r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-21740", "CVE-2022-21740", "GHSA-44qp-9wwf-734r", "PYSEC-2022-119", "PYSEC-2022-64" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5wgg-du91-kbgy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163812?format=api", "vulnerability_id": "VCID-6gg1-wqtz-cqad", "summary": "Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. Since the cropping parameters are user controlled, a malicious person can trigger undefined behavior. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23587", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53336", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53323", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53321", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53194", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23587" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-96.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-96.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-151.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-151.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/0aaaae6eca5a7175a193696383f582f53adab23f", "reference_id": "0aaaae6eca5a7175a193696383f582f53adab23f", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:58Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/0aaaae6eca5a7175a193696383f582f53adab23f" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23587", "reference_id": "CVE-2022-23587", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23587" }, { "reference_url": "https://github.com/advisories/GHSA-8jj7-5vxc-pg2q", "reference_id": "GHSA-8jj7-5vxc-pg2q", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8jj7-5vxc-pg2q" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8jj7-5vxc-pg2q", "reference_id": "GHSA-8jj7-5vxc-pg2q", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:58Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8jj7-5vxc-pg2q" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/costs/op_level_cost_estimator.cc#L2621-L2689", "reference_id": "op_level_cost_estimator.cc#L2621-L2689", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:58Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/costs/op_level_cost_estimator.cc#L2621-L2689" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23587", "CVE-2022-23587", "GHSA-8jj7-5vxc-pg2q", "PYSEC-2022-151", "PYSEC-2022-96" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6gg1-wqtz-cqad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207966?format=api", "vulnerability_id": "VCID-6q8c-jb7v-xfbj", "summary": "Insecure temporary file in Tensorflow", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23563", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02773", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.0278", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02783", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02789", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23563" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-72.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-72.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-127.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-127.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23563", "reference_id": "CVE-2022-23563", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23563" }, { "reference_url": "https://github.com/advisories/GHSA-wc4g-r73w-x8mm", "reference_id": "GHSA-wc4g-r73w-x8mm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wc4g-r73w-x8mm" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wc4g-r73w-x8mm", "reference_id": "GHSA-wc4g-r73w-x8mm", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wc4g-r73w-x8mm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23563", "CVE-2022-23563", "GHSA-wc4g-r73w-x8mm", "PYSEC-2022-127", "PYSEC-2022-72" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6q8c-jb7v-xfbj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163943?format=api", "vulnerability_id": "VCID-71mu-7nwe-h3a4", "summary": "Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would trigger a division by zero in `BiasAndClamp` implementation. There is no check that the `bias_size` is non zero. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23557", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44864", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44866", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44713", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44879", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23557" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-66.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-66.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-121.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-121.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/8c6f391a2282684a25cbfec7687bd5d35261a209", "reference_id": "8c6f391a2282684a25cbfec7687bd5d35261a209", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:48Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/8c6f391a2282684a25cbfec7687bd5d35261a209" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/lite/kernels/internal/common.h#L75", "reference_id": "common.h#L75", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:48Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/lite/kernels/internal/common.h#L75" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23557", "reference_id": "CVE-2022-23557", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23557" }, { "reference_url": "https://github.com/advisories/GHSA-gf2j-f278-xh4v", "reference_id": "GHSA-gf2j-f278-xh4v", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gf2j-f278-xh4v" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf2j-f278-xh4v", "reference_id": "GHSA-gf2j-f278-xh4v", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:48Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf2j-f278-xh4v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23557", "CVE-2022-23557", "GHSA-gf2j-f278-xh4v", "PYSEC-2022-121", "PYSEC-2022-66" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-71mu-7nwe-h3a4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163777?format=api", "vulnerability_id": "VCID-74mu-41a1-b7ca", "summary": "Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in `TfLiteIntArrayCreate`. The `TfLiteIntArrayGetSizeInBytes` returns an `int` instead of a `size_t. An attacker can control model inputs such that `computed_size` overflows the size of `int` datatype. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23558", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.60579", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.60581", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.60473", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.6059", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23558" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-67.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-67.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-122.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-122.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/a1e1511dde36b3f8aa27a6ec630838e7ea40e091", "reference_id": "a1e1511dde36b3f8aa27a6ec630838e7ea40e091", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/a1e1511dde36b3f8aa27a6ec630838e7ea40e091" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/c/common.c#L24-L33", "reference_id": "common.c#L24-L33", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/c/common.c#L24-L33" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/c/common.c#L53-L60", "reference_id": "common.c#L53-L60", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/c/common.c#L53-L60" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23558", "reference_id": "CVE-2022-23558", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23558" }, { "reference_url": "https://github.com/advisories/GHSA-9gwq-6cwj-47h3", "reference_id": "GHSA-9gwq-6cwj-47h3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9gwq-6cwj-47h3" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9gwq-6cwj-47h3", "reference_id": "GHSA-9gwq-6cwj-47h3", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9gwq-6cwj-47h3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23558", "CVE-2022-23558", "GHSA-9gwq-6cwj-47h3", "PYSEC-2022-122", "PYSEC-2022-67" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-74mu-41a1-b7ca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163864?format=api", "vulnerability_id": "VCID-8uhg-w8kp-cuhe", "summary": "Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would allow limited reads and writes outside of arrays in TFLite. This exploits missing validation in the conversion from sparse tensors to dense tensors. The fix is included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. Users are advised to upgrade as soon as possible.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23560", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.53417", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.53419", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.53292", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.53432", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23560" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-69.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-69.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-124.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-124.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/6364463d6f5b6254cac3d6aedf999b6a96225038", "reference_id": "6364463d6f5b6254cac3d6aedf999b6a96225038", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:44Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/6364463d6f5b6254cac3d6aedf999b6a96225038" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23560", "reference_id": "CVE-2022-23560", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23560" }, { "reference_url": "https://github.com/advisories/GHSA-4hvf-hxvg-f67v", "reference_id": "GHSA-4hvf-hxvg-f67v", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4hvf-hxvg-f67v" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4hvf-hxvg-f67v", "reference_id": "GHSA-4hvf-hxvg-f67v", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:44Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4hvf-hxvg-f67v" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/kernels/internal/utils/sparsity_format_converter.cc#L252-L293", "reference_id": "sparsity_format_converter.cc#L252-L293", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:44Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/kernels/internal/utils/sparsity_format_converter.cc#L252-L293" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23560", "CVE-2022-23560", "GHSA-4hvf-hxvg-f67v", "PYSEC-2022-124", "PYSEC-2022-69" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8uhg-w8kp-cuhe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207949?format=api", "vulnerability_id": "VCID-8vhe-nhsh-m7bc", "summary": "`CHECK`-failures in Tensorflow", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23565", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30418", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30216", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30412", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.3043", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23565" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-74.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-74.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-129.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-129.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/c2b31ff2d3151acb230edc3f5b1832d2c713a9e0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/c2b31ff2d3151acb230edc3f5b1832d2c713a9e0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23565", "reference_id": "CVE-2022-23565", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23565" }, { "reference_url": "https://github.com/advisories/GHSA-4v5p-v5h9-6xjx", "reference_id": "GHSA-4v5p-v5h9-6xjx", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4v5p-v5h9-6xjx" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4v5p-v5h9-6xjx", "reference_id": "GHSA-4v5p-v5h9-6xjx", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4v5p-v5h9-6xjx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23565", "CVE-2022-23565", "GHSA-4v5p-v5h9-6xjx", "PYSEC-2022-129", "PYSEC-2022-74" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8vhe-nhsh-m7bc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163862?format=api", "vulnerability_id": "VCID-94hc-wbh7-y3bp", "summary": "Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, a TensorFlow process can encounter cases where a `CHECK` assertion is invalidated based on user controlled arguments, if the tensors have an invalid `dtype` and 0 elements or an invalid shape. This allows attackers to cause denial of services in TensorFlow processes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23571", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30216", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30418", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30412", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.3043", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23571" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-80.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-80.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-135.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-135.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/5b491cd5e41ad63735161cec9c2a568172c8b6a3", "reference_id": "5b491cd5e41ad63735161cec9c2a568172c8b6a3", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:11:18Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/5b491cd5e41ad63735161cec9c2a568172c8b6a3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23571", "reference_id": "CVE-2022-23571", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23571" }, { "reference_url": "https://github.com/advisories/GHSA-j3mj-fhpq-qqjj", "reference_id": "GHSA-j3mj-fhpq-qqjj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j3mj-fhpq-qqjj" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j3mj-fhpq-qqjj", "reference_id": "GHSA-j3mj-fhpq-qqjj", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:11:18Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j3mj-fhpq-qqjj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23571", "CVE-2022-23571", "GHSA-j3mj-fhpq-qqjj", "PYSEC-2022-135", "PYSEC-2022-80" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-94hc-wbh7-y3bp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163981?format=api", "vulnerability_id": "VCID-9byx-9rha-5ucd", "summary": "Tensorflow is an Open Source Machine Learning Framework. The implementations of `Sparse*Cwise*` ops are vulnerable to integer overflows. These can be used to trigger large allocations (so, OOM based denial of service) or `CHECK`-fails when building new `TensorShape` objects (so, assert failures based denial of service). We are missing some validation on the shapes of the input tensors as well as directly constructing a large `TensorShape` with user-provided dimensions. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23567", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.64205", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.64208", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.64195", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.64092", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23567" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-76.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-76.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-131.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-131.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/1b54cadd19391b60b6fcccd8d076426f7221d5e8", "reference_id": "1b54cadd19391b60b6fcccd8d076426f7221d5e8", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/1b54cadd19391b60b6fcccd8d076426f7221d5e8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23567", "reference_id": "CVE-2022-23567", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23567" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/e952a89b7026b98fe8cbe626514a93ed68b7c510", "reference_id": "e952a89b7026b98fe8cbe626514a93ed68b7c510", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/e952a89b7026b98fe8cbe626514a93ed68b7c510" }, { "reference_url": "https://github.com/advisories/GHSA-rrx2-r989-2c43", "reference_id": "GHSA-rrx2-r989-2c43", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rrx2-r989-2c43" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rrx2-r989-2c43", "reference_id": "GHSA-rrx2-r989-2c43", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rrx2-r989-2c43" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/sparse_dense_binary_op_shared.cc", "reference_id": "sparse_dense_binary_op_shared.cc", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/sparse_dense_binary_op_shared.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md", "reference_id": "tfsa-2021-198.md", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23567", "CVE-2022-23567", "GHSA-rrx2-r989-2c43", "PYSEC-2022-131", "PYSEC-2022-76" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9byx-9rha-5ucd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163759?format=api", "vulnerability_id": "VCID-9h7k-2the-53d8", "summary": "Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a `SavedModel` file (fixing the first one would trigger the same dereference in the second place). First, during constant folding, the `GraphDef` might not have the required nodes for the binary operation. If a node is missing, the correposning `mul_*child` would be null, and the dereference in the subsequent line would be incorrect. We have a similar issue during `IsIdentityConsumingSwitch`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23589", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53789", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53918", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53932", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53915", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23589" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-98.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-98.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-153.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-153.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/045deec1cbdebb27d817008ad5df94d96a08b1bf", "reference_id": "045deec1cbdebb27d817008ad5df94d96a08b1bf", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/045deec1cbdebb27d817008ad5df94d96a08b1bf" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/0a365c029e437be0349c31f8d4c9926b69fa3fa1", "reference_id": "0a365c029e437be0349c31f8d4c9926b69fa3fa1", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/0a365c029e437be0349c31f8d4c9926b69fa3fa1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc#L3466-L3497", "reference_id": "constant_folding.cc#L3466-L3497", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc#L3466-L3497" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23589", "reference_id": "CVE-2022-23589", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23589" }, { "reference_url": "https://github.com/advisories/GHSA-9px9-73fg-3fqp", "reference_id": "GHSA-9px9-73fg-3fqp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9px9-73fg-3fqp" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9px9-73fg-3fqp", "reference_id": "GHSA-9px9-73fg-3fqp", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9px9-73fg-3fqp" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/mutable_graph_view.cc#L59-L74", "reference_id": "mutable_graph_view.cc#L59-L74", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/mutable_graph_view.cc#L59-L74" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23589", "CVE-2022-23589", "GHSA-9px9-73fg-3fqp", "PYSEC-2022-153", "PYSEC-2022-98" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9h7k-2the-53d8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207904?format=api", "vulnerability_id": "VCID-ab1n-tw2c-wygp", "summary": "Improper Validation of Integrity Check Value in TensorFlow", "references": [ { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/61bf91e768173b001d56923600b40d9a95a04ad5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/61bf91e768173b001d56923600b40d9a95a04ad5" }, { "reference_url": "https://github.com/tensorflow/tensorflow/pull/53695", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/pull/53695" }, { "reference_url": "https://github.com/advisories/GHSA-43q8-3fv7-pr5x", "reference_id": "GHSA-43q8-3fv7-pr5x", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-43q8-3fv7-pr5x" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-43q8-3fv7-pr5x", "reference_id": "GHSA-43q8-3fv7-pr5x", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-43q8-3fv7-pr5x" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pgcq-h79j-2f69", "reference_id": "GHSA-pgcq-h79j-2f69", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pgcq-h79j-2f69" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "GHSA-43q8-3fv7-pr5x", "GMS-2022-48", "GMS-2022-51", "GMS-2022-54" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ab1n-tw2c-wygp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/169617?format=api", "vulnerability_id": "VCID-ae9u-e623-mfew", "summary": "Tensorflow is an Open Source Machine Learning Framework. The implementation of `ThreadPoolHandle` can be used to trigger a denial of service attack by allocating too much memory. This is because the `num_threads` argument is only checked to not be negative, but there is no upper bound on its value. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21732", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44864", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44866", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44713", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44879", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21732" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-56.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-56.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-111.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-111.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21732", "reference_id": "CVE-2022-21732", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21732" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/e3749a6d5d1e8d11806d4a2e9cc3123d1a90b75e", "reference_id": "e3749a6d5d1e8d11806d4a2e9cc3123d1a90b75e", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T17:14:02Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/e3749a6d5d1e8d11806d4a2e9cc3123d1a90b75e" }, { "reference_url": "https://github.com/advisories/GHSA-c582-c96p-r5cq", "reference_id": "GHSA-c582-c96p-r5cq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c582-c96p-r5cq" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c582-c96p-r5cq", "reference_id": "GHSA-c582-c96p-r5cq", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T17:14:02Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c582-c96p-r5cq" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/data/experimental/threadpool_dataset_op.cc#L79-L135", "reference_id": "threadpool_dataset_op.cc#L79-L135", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T17:14:02Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/data/experimental/threadpool_dataset_op.cc#L79-L135" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-21732", "CVE-2022-21732", "GHSA-c582-c96p-r5cq", "PYSEC-2022-111", "PYSEC-2022-56" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ae9u-e623-mfew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/169501?format=api", "vulnerability_id": "VCID-b9up-rqqt-s7h6", "summary": "Tensorflow is an Open Source Machine Learning Framework. The implementation of `*Bincount` operations allows malicious users to cause denial of service by passing in arguments which would trigger a `CHECK`-fail. There are several conditions that the input arguments must satisfy. Some are not caught during shape inference and others are not caught during kernel implementation. This results in `CHECK` failures later when the output tensors get allocated. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21737", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44864", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44866", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44713", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44879", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21737" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-61.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-61.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-116.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-116.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/7019ce4f68925fd01cdafde26f8d8c938f47e6f9", "reference_id": "7019ce4f68925fd01cdafde26f8d8c938f47e6f9", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/7019ce4f68925fd01cdafde26f8d8c938f47e6f9" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/bincount_op.cc", "reference_id": "bincount_op.cc", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/bincount_op.cc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21737", "reference_id": "CVE-2022-21737", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21737" }, { "reference_url": "https://github.com/advisories/GHSA-f2vv-v9cg-qhh7", "reference_id": "GHSA-f2vv-v9cg-qhh7", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f2vv-v9cg-qhh7" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f2vv-v9cg-qhh7", "reference_id": "GHSA-f2vv-v9cg-qhh7", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f2vv-v9cg-qhh7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-21737", "CVE-2022-21737", "GHSA-f2vv-v9cg-qhh7", "PYSEC-2022-116", "PYSEC-2022-61" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b9up-rqqt-s7h6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/169582?format=api", "vulnerability_id": "VCID-bhmv-k8wb-1qhb", "summary": "Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `ReverseSequence` does not fully validate the value of `batch_dim` and can result in a heap OOB read. There is a check to make sure the value of `batch_dim` does not go over the rank of the input, but there is no check for negative values. Negative dimensions are allowed in some cases to mimic Python's negative indexing (i.e., indexing from the end of the array), however if the value is too negative then the implementation of `Dim` would access elements before the start of an array. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21728", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.78306", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.78314", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.78238", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.78319", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21728" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-52.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-52.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-107.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-107.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/37c01fb5e25c3d80213060460196406c43d31995", "reference_id": "37c01fb5e25c3d80213060460196406c43d31995", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/37c01fb5e25c3d80213060460196406c43d31995" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/ops/array_ops.cc#L1636-L1671", "reference_id": "array_ops.cc#L1636-L1671", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/ops/array_ops.cc#L1636-L1671" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21728", "reference_id": "CVE-2022-21728", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21728" }, { "reference_url": "https://github.com/advisories/GHSA-6gmv-pjp9-p8w8", "reference_id": "GHSA-6gmv-pjp9-p8w8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6gmv-pjp9-p8w8" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6gmv-pjp9-p8w8", "reference_id": "GHSA-6gmv-pjp9-p8w8", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6gmv-pjp9-p8w8" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/framework/shape_inference.h#L415-L428", "reference_id": "shape_inference.h#L415-L428", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/framework/shape_inference.h#L415-L428" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-21728", "CVE-2022-21728", "GHSA-6gmv-pjp9-p8w8", "PYSEC-2022-107", "PYSEC-2022-52" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bhmv-k8wb-1qhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163875?format=api", "vulnerability_id": "VCID-bj3j-w7b1-f7fh", "summary": "Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23580", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53952", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53938", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53935", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53809", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23580" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-89.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-89.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-144.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-144.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/1361fb7e29449629e1df94d44e0427ebec8c83c7", "reference_id": "1361fb7e29449629e1df94d44e0427ebec8c83c7", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:27Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/1361fb7e29449629e1df94d44e0427ebec8c83c7" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23580", "reference_id": "CVE-2022-23580", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23580" }, { "reference_url": "https://github.com/advisories/GHSA-627q-g293-49q7", "reference_id": "GHSA-627q-g293-49q7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-627q-g293-49q7" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-627q-g293-49q7", "reference_id": "GHSA-627q-g293-49q7", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:27Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-627q-g293-49q7" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/shape_inference.cc#L788-L790", "reference_id": "shape_inference.cc#L788-L790", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:27Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/shape_inference.cc#L788-L790" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23580", "CVE-2022-23580", "GHSA-627q-g293-49q7", "PYSEC-2022-144", "PYSEC-2022-89" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bj3j-w7b1-f7fh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/169790?format=api", "vulnerability_id": "VCID-bqk2-6xgt-yqdf", "summary": "Tensorflow is an Open Source Machine Learning Framework. The implementation of `MapStage` is vulnerable a `CHECK`-fail if the key tensor is not a scalar. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21734", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44864", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44866", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44713", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44879", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21734" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-58.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-58.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-113.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-113.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21734", "reference_id": "CVE-2022-21734", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21734" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/f57315566d7094f322b784947093406c2aea0d7d", "reference_id": "f57315566d7094f322b784947093406c2aea0d7d", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:12Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/f57315566d7094f322b784947093406c2aea0d7d" }, { "reference_url": "https://github.com/advisories/GHSA-gcvh-66ff-4mwm", "reference_id": "GHSA-gcvh-66ff-4mwm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gcvh-66ff-4mwm" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gcvh-66ff-4mwm", "reference_id": "GHSA-gcvh-66ff-4mwm", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:12Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gcvh-66ff-4mwm" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/map_stage_op.cc#L519-L550", "reference_id": "map_stage_op.cc#L519-L550", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:12Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/map_stage_op.cc#L519-L550" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-21734", "CVE-2022-21734", "GHSA-gcvh-66ff-4mwm", "PYSEC-2022-113", "PYSEC-2022-58" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bqk2-6xgt-yqdf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163933?format=api", "vulnerability_id": "VCID-chhm-rcvx-euc4", "summary": "Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the `DCHECK` function however, `DCHECK` is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the `ValueOrDie` line. This results in an assertion failure as `ret` contains an error `Status`, not a value. In the second case we also get a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23572", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66801", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66814", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66709", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66815", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23572" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-81.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-81.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-136.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-136.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/cb164786dc891ea11d3a900e90367c339305dc7b", "reference_id": "cb164786dc891ea11d3a900e90367c339305dc7b", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:10Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/cb164786dc891ea11d3a900e90367c339305dc7b" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23572", "reference_id": "CVE-2022-23572", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23572" }, { "reference_url": "https://github.com/advisories/GHSA-rww7-2gpw-fv6j", "reference_id": "GHSA-rww7-2gpw-fv6j", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rww7-2gpw-fv6j" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rww7-2gpw-fv6j", "reference_id": "GHSA-rww7-2gpw-fv6j", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:10Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rww7-2gpw-fv6j" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/shape_inference.cc#L168-L174", "reference_id": "shape_inference.cc#L168-L174", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:10Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/shape_inference.cc#L168-L174" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23572", "CVE-2022-23572", "GHSA-rww7-2gpw-fv6j", "PYSEC-2022-136", "PYSEC-2022-81" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-chhm-rcvx-euc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163860?format=api", "vulnerability_id": "VCID-eg4r-uu6u-mua7", "summary": "Tensorflow is an Open Source Machine Learning Framework. When building an XLA compilation cache, if default settings are used, TensorFlow triggers a null pointer dereference. In the default scenario, all devices are allowed, so `flr->config_proto` is `nullptr`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23595", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44952", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44939", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44787", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44937", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23595" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-103.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-103.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-158.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-158.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23595", "reference_id": "CVE-2022-23595", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23595" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/e21af685e1828f7ca65038307df5cc06de4479e8", "reference_id": "e21af685e1828f7ca65038307df5cc06de4479e8", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/e21af685e1828f7ca65038307df5cc06de4479e8" }, { "reference_url": "https://github.com/advisories/GHSA-fpcp-9h7m-ffpx", "reference_id": "GHSA-fpcp-9h7m-ffpx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fpcp-9h7m-ffpx" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fpcp-9h7m-ffpx", "reference_id": "GHSA-fpcp-9h7m-ffpx", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fpcp-9h7m-ffpx" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/compiler/jit/xla_platform_info.cc#L43-L104", "reference_id": "xla_platform_info.cc#L43-L104", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/compiler/jit/xla_platform_info.cc#L43-L104" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23595", "CVE-2022-23595", "GHSA-fpcp-9h7m-ffpx", "PYSEC-2022-103", "PYSEC-2022-158" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eg4r-uu6u-mua7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163955?format=api", "vulnerability_id": "VCID-fvwy-bzsx-s3e9", "summary": "Tensorflow is an Open Source Machine Learning Framework. When decoding a resource handle tensor from protobuf, a TensorFlow process can encounter cases where a `CHECK` assertion is invalidated based on user controlled arguments. This allows attackers to cause denial of services in TensorFlow processes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23564", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30216", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30418", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30412", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.3043", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23564" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-73.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-73.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-128.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-128.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/14fea662350e7c26eb5fe1be2ac31704e5682ee6", "reference_id": "14fea662350e7c26eb5fe1be2ac31704e5682ee6", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:11:10Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/14fea662350e7c26eb5fe1be2ac31704e5682ee6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23564", "reference_id": "CVE-2022-23564", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23564" }, { "reference_url": "https://github.com/advisories/GHSA-8rcj-c8pj-v3m3", "reference_id": "GHSA-8rcj-c8pj-v3m3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8rcj-c8pj-v3m3" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8rcj-c8pj-v3m3", "reference_id": "GHSA-8rcj-c8pj-v3m3", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:11:10Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8rcj-c8pj-v3m3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23564", "CVE-2022-23564", "GHSA-8rcj-c8pj-v3m3", "PYSEC-2022-128", "PYSEC-2022-73" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fvwy-bzsx-s3e9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163916?format=api", "vulnerability_id": "VCID-gdqr-6s34-17ej", "summary": "Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the linked list used by the memory allocator. This can be leveraged for an arbitrary write primitive under certain conditions. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23561", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38759", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38944", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38932", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38954", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23561" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-70.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-70.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-125.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-125.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/6c0b2b70eeee588591680f5b7d5d38175fd7cdf6", "reference_id": "6c0b2b70eeee588591680f5b7d5d38175fd7cdf6", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/6c0b2b70eeee588591680f5b7d5d38175fd7cdf6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23561", "reference_id": "CVE-2022-23561", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23561" }, { "reference_url": "https://github.com/advisories/GHSA-9c78-vcq7-7vxq", "reference_id": "GHSA-9c78-vcq7-7vxq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9c78-vcq7-7vxq" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9c78-vcq7-7vxq", "reference_id": "GHSA-9c78-vcq7-7vxq", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9c78-vcq7-7vxq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23561", "CVE-2022-23561", "GHSA-9c78-vcq7-7vxq", "PYSEC-2022-125", "PYSEC-2022-70" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gdqr-6s34-17ej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163774?format=api", "vulnerability_id": "VCID-gz6a-ux41-p3c1", "summary": "Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that any binary op would trigger `CHECK` failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the `dtype` no longer matches the `dtype` expected by the op. In that case, calling the templated binary operator for the binary op would receive corrupted data, due to the type confusion involved. If `Tin` and `Tout` don't match the type of data in `out` and `input_*` tensors then `flat<*>` would interpret it wrongly. In most cases, this would be a silent failure, but we have noticed scenarios where this results in a `CHECK` crash, hence a denial of service. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23583", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.52353", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.52335", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.52342", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.52213", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23583" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-92.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-92.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-147.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-147.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/a7c02f1a9bbc35473969618a09ee5f9f5d3e52d9", "reference_id": "a7c02f1a9bbc35473969618a09ee5f9f5d3e52d9", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:02Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/a7c02f1a9bbc35473969618a09ee5f9f5d3e52d9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23583", "reference_id": "CVE-2022-23583", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23583" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/kernels/cwise_ops_common.h#L88-L137", "reference_id": "cwise_ops_common.h#L88-L137", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:02Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/kernels/cwise_ops_common.h#L88-L137" }, { "reference_url": "https://github.com/advisories/GHSA-gjqc-q9g6-q2j3", "reference_id": "GHSA-gjqc-q9g6-q2j3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gjqc-q9g6-q2j3" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gjqc-q9g6-q2j3", "reference_id": "GHSA-gjqc-q9g6-q2j3", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:02Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gjqc-q9g6-q2j3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23583", "CVE-2022-23583", "GHSA-gjqc-q9g6-q2j3", "PYSEC-2022-147", "PYSEC-2022-92" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gz6a-ux41-p3c1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163885?format=api", "vulnerability_id": "VCID-hwya-1v5w-7fav", "summary": "Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that Grappler optimizer would attempt to build a tensor using a reference `dtype`. This would result in a crash due to a `CHECK`-fail in the `Tensor` constructor as reference types are not allowed. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23588", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.5404", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.5417", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.54183", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.54166", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23588" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-97.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-97.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-152.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-152.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/6b5adc0877de832b2a7c189532dbbbc64622eeb6", "reference_id": "6b5adc0877de832b2a7c189532dbbbc64622eeb6", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:44Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/6b5adc0877de832b2a7c189532dbbbc64622eeb6" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc#L1328-L1402", "reference_id": "constant_folding.cc#L1328-L1402", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:44Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc#L1328-L1402" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23588", "reference_id": "CVE-2022-23588", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23588" }, { "reference_url": "https://github.com/advisories/GHSA-fx5c-h9f6-rv7c", "reference_id": "GHSA-fx5c-h9f6-rv7c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fx5c-h9f6-rv7c" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fx5c-h9f6-rv7c", "reference_id": "GHSA-fx5c-h9f6-rv7c", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:44Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fx5c-h9f6-rv7c" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/tensor.cc#L733-L781", "reference_id": "tensor.cc#L733-L781", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:44Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/tensor.cc#L733-L781" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23588", "CVE-2022-23588", "GHSA-fx5c-h9f6-rv7c", "PYSEC-2022-152", "PYSEC-2022-97" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hwya-1v5w-7fav" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208019?format=api", "vulnerability_id": "VCID-jrks-bdvd-cubq", "summary": "Memory leak in Tensorflow", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23578", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42232", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42068", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42244", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42254", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23578" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-87.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-87.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-142.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-142.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/common_runtime/immutable_executor_state.cc#L84-L262", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/common_runtime/immutable_executor_state.cc#L84-L262" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/c79ccba517dbb1a0ccb9b01ee3bd2a63748b60dd", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/c79ccba517dbb1a0ccb9b01ee3bd2a63748b60dd" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23578", "reference_id": "CVE-2022-23578", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23578" }, { "reference_url": "https://github.com/advisories/GHSA-8r7c-3cm2-3h8f", "reference_id": "GHSA-8r7c-3cm2-3h8f", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8r7c-3cm2-3h8f" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8r7c-3cm2-3h8f", "reference_id": "GHSA-8r7c-3cm2-3h8f", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8r7c-3cm2-3h8f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23578", "CVE-2022-23578", "GHSA-8r7c-3cm2-3h8f", "PYSEC-2022-142", "PYSEC-2022-87" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jrks-bdvd-cubq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163859?format=api", "vulnerability_id": "VCID-k3u8-th3h-cfak", "summary": "Tensorflow is an Open Source Machine Learning Framework. The implementation of `GetInitOp` is vulnerable to a crash caused by dereferencing a null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23577", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44937", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44939", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44787", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44952", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23577" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-86.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-86.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-141.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-141.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/4f38b1ac8e42727e18a2f0bde06d3bee8e77b250", "reference_id": "4f38b1ac8e42727e18a2f0bde06d3bee8e77b250", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:02Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/4f38b1ac8e42727e18a2f0bde06d3bee8e77b250" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23577", "reference_id": "CVE-2022-23577", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23577" }, { "reference_url": "https://github.com/advisories/GHSA-8cxv-76p7-jxwr", "reference_id": "GHSA-8cxv-76p7-jxwr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8cxv-76p7-jxwr" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8cxv-76p7-jxwr", "reference_id": "GHSA-8cxv-76p7-jxwr", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:02Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8cxv-76p7-jxwr" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/cc/saved_model/loader_util.cc#L31-L61", "reference_id": "loader_util.cc#L31-L61", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:02Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/cc/saved_model/loader_util.cc#L31-L61" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23577", "CVE-2022-23577", "GHSA-8cxv-76p7-jxwr", "PYSEC-2022-141", "PYSEC-2022-86" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k3u8-th3h-cfak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207909?format=api", "vulnerability_id": "VCID-mkvt-7d4b-43f8", "summary": "NULL Pointer Dereference and Access of Uninitialized Pointer in TensorFlow", "references": [ { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/e0b6e58c328059829c3eb968136f17aa72b6c876/tensorflow/core/kernels/boosted_trees/stats_ops.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/blob/e0b6e58c328059829c3eb968136f17aa72b6c876/tensorflow/core/kernels/boosted_trees/stats_ops.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-57wx-m983-2f88", "reference_id": "GHSA-57wx-m983-2f88", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-57wx-m983-2f88" }, { "reference_url": "https://github.com/advisories/GHSA-h6gw-r52c-724r", "reference_id": "GHSA-h6gw-r52c-724r", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h6gw-r52c-724r" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6gw-r52c-724r", "reference_id": "GHSA-h6gw-r52c-724r", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6gw-r52c-724r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "GHSA-h6gw-r52c-724r", "GMS-2022-49", "GMS-2022-52", "GMS-2022-55" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mkvt-7d4b-43f8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163848?format=api", "vulnerability_id": "VCID-mt2b-ee9t-kyb4", "summary": "Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a `SavedModel` such that `SafeToRemoveIdentity` would trigger `CHECK` failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23579", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46396", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46382", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46386", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.4624", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23579" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-88.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-88.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-143.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-143.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/92dba16749fae36c246bec3f9ba474d9ddeb7662", "reference_id": "92dba16749fae36c246bec3f9ba474d9ddeb7662", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/92dba16749fae36c246bec3f9ba474d9ddeb7662" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23579", "reference_id": "CVE-2022-23579", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23579" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/dependency_optimizer.cc#L59-L98", "reference_id": "dependency_optimizer.cc#L59-L98", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/dependency_optimizer.cc#L59-L98" }, { "reference_url": "https://github.com/advisories/GHSA-5f2r-qp73-37mr", "reference_id": "GHSA-5f2r-qp73-37mr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5f2r-qp73-37mr" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5f2r-qp73-37mr", "reference_id": "GHSA-5f2r-qp73-37mr", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5f2r-qp73-37mr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23579", "CVE-2022-23579", "GHSA-5f2r-qp73-37mr", "PYSEC-2022-143", "PYSEC-2022-88" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mt2b-ee9t-kyb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/169924?format=api", "vulnerability_id": "VCID-myb2-36yn-xfa6", "summary": "Tensorflow is an Open Source Machine Learning Framework. The implementation of `Dequantize` does not fully validate the value of `axis` and can result in heap OOB accesses. The `axis` argument can be `-1` (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not checked and this results in reading past the end of the array containing the dimensions of the input tensor. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21726", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.53001", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52999", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52873", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.53017", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21726" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-50.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-50.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-105.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-105.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/23968a8bf65b009120c43b5ebcceaf52dbc9e943", "reference_id": "23968a8bf65b009120c43b5ebcceaf52dbc9e943", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:31Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/23968a8bf65b009120c43b5ebcceaf52dbc9e943" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21726", "reference_id": "CVE-2022-21726", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21726" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/dequantize_op.cc#L92-L153", "reference_id": "dequantize_op.cc#L92-L153", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:31Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/dequantize_op.cc#L92-L153" }, { "reference_url": "https://github.com/advisories/GHSA-23hm-7w47-xw72", "reference_id": "GHSA-23hm-7w47-xw72", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-23hm-7w47-xw72" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-23hm-7w47-xw72", "reference_id": "GHSA-23hm-7w47-xw72", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:31Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-23hm-7w47-xw72" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-21726", "CVE-2022-21726", "GHSA-23hm-7w47-xw72", "PYSEC-2022-105", "PYSEC-2022-50" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-myb2-36yn-xfa6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163966?format=api", "vulnerability_id": "VCID-n396-93x5-x3ea", "summary": "Tensorflow is an Open Source Machine Learning Framework. The implementation of `AssignOp` can result in copying uninitialized data to a new tensor. This later results in undefined behavior. The implementation has a check that the left hand side of the assignment is initialized (to minimize number of allocations), but does not check that the right hand side is also initialized. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23573", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53299", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53302", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53173", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53315", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23573" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-82.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-82.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-137.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-137.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/kernels/assign_op.h#L30-L143", "reference_id": "assign_op.h#L30-L143", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:13Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/kernels/assign_op.h#L30-L143" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23573", "reference_id": "CVE-2022-23573", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23573" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/ef1d027be116f25e25bb94a60da491c2cf55bd0b", "reference_id": "ef1d027be116f25e25bb94a60da491c2cf55bd0b", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:13Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/ef1d027be116f25e25bb94a60da491c2cf55bd0b" }, { "reference_url": "https://github.com/advisories/GHSA-q85f-69q7-55h2", "reference_id": "GHSA-q85f-69q7-55h2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q85f-69q7-55h2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q85f-69q7-55h2", "reference_id": "GHSA-q85f-69q7-55h2", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:13Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q85f-69q7-55h2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23573", "CVE-2022-23573", "GHSA-q85f-69q7-55h2", "PYSEC-2022-137", "PYSEC-2022-82" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n396-93x5-x3ea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208026?format=api", "vulnerability_id": "VCID-pdjb-cgjk-fqc4", "summary": "`CHECK`-failures in `TensorByteSize` in Tensorflow", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23582", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44879", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44713", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44864", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44866", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23582" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-91.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-91.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-146.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-146.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/attr_value_util.cc#L46-L50", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/attr_value_util.cc#L46-L50" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/c2426bba00a01de6913738df8fa78e0215fcce02", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/c2426bba00a01de6913738df8fa78e0215fcce02" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23582", "reference_id": "CVE-2022-23582", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23582" }, { "reference_url": "https://github.com/advisories/GHSA-4j82-5ccr-4r8v", "reference_id": "GHSA-4j82-5ccr-4r8v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4j82-5ccr-4r8v" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4j82-5ccr-4r8v", "reference_id": "GHSA-4j82-5ccr-4r8v", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4j82-5ccr-4r8v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23582", "CVE-2022-23582", "GHSA-4j82-5ccr-4r8v", "PYSEC-2022-146", "PYSEC-2022-91" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pdjb-cgjk-fqc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/169670?format=api", "vulnerability_id": "VCID-psdu-r6bp-w7ec", "summary": "Tensorflow is an Open Source Machine Learning Framework. The implementation of `StringNGrams` can be used to trigger a denial of service attack by causing an out of memory condition after an integer overflow. We are missing a validation on `pad_witdh` and that result in computing a negative value for `ngram_width` which is later used to allocate parts of the output. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21733", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46386", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46382", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.4624", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46396", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21733" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-57.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-57.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-112.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-112.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21733", "reference_id": "CVE-2022-21733", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21733" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/f68fdab93fb7f4ddb4eb438c8fe052753c9413e8", "reference_id": "f68fdab93fb7f4ddb4eb438c8fe052753c9413e8", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:28Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/f68fdab93fb7f4ddb4eb438c8fe052753c9413e8" }, { "reference_url": "https://github.com/advisories/GHSA-98j8-c9q4-r38g", "reference_id": "GHSA-98j8-c9q4-r38g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-98j8-c9q4-r38g" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-98j8-c9q4-r38g", "reference_id": "GHSA-98j8-c9q4-r38g", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:28Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-98j8-c9q4-r38g" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/string_ngrams_op.cc#L29-L161", "reference_id": "string_ngrams_op.cc#L29-L161", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:28Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/string_ngrams_op.cc#L29-L161" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-21733", "CVE-2022-21733", "GHSA-98j8-c9q4-r38g", "PYSEC-2022-112", "PYSEC-2022-57" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-psdu-r6bp-w7ec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208009?format=api", "vulnerability_id": "VCID-q1k1-7syr-17f3", "summary": "Integer overflow in Tensorflow", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23575", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44864", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44713", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44866", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44879", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23575" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-84.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-84.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-139.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-139.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/costs/op_level_cost_estimator.cc#L1552-L1558", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/costs/op_level_cost_estimator.cc#L1552-L1558" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/fcd18ce3101f245b083b30655c27b239dc72221e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/fcd18ce3101f245b083b30655c27b239dc72221e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23575", "reference_id": "CVE-2022-23575", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23575" }, { "reference_url": "https://github.com/advisories/GHSA-c94w-c95p-phf8", "reference_id": "GHSA-c94w-c95p-phf8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c94w-c95p-phf8" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c94w-c95p-phf8", "reference_id": "GHSA-c94w-c95p-phf8", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c94w-c95p-phf8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23575", "CVE-2022-23575", "GHSA-c94w-c95p-phf8", "PYSEC-2022-139", "PYSEC-2022-84" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q1k1-7syr-17f3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207963?format=api", "vulnerability_id": "VCID-r4xm-v23t-jka5", "summary": "Integer overflow in Tensorflow", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23562", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58738", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58623", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58735", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.5875", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23562" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-71.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-71.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-126.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-126.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/f0147751fd5d2ff23251149ebad9af9f03010732", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/f0147751fd5d2ff23251149ebad9af9f03010732" }, { "reference_url": "https://github.com/tensorflow/tensorflow/issues/52676", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/issues/52676" }, { "reference_url": "https://github.com/tensorflow/tensorflow/pull/51733", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/pull/51733" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23562", "reference_id": "CVE-2022-23562", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23562" }, { "reference_url": "https://github.com/advisories/GHSA-qx3f-p745-w4hr", "reference_id": "GHSA-qx3f-p745-w4hr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qx3f-p745-w4hr" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qx3f-p745-w4hr", "reference_id": "GHSA-qx3f-p745-w4hr", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qx3f-p745-w4hr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23562", "CVE-2022-23562", "GHSA-qx3f-p745-w4hr", "PYSEC-2022-126", "PYSEC-2022-71" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r4xm-v23t-jka5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163934?format=api", "vulnerability_id": "VCID-ssxe-q1mn-p3e2", "summary": "Tensorflow is an Open Source Machine Learning Framework. The `GraphDef` format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a `GraphDef` containing a fragment such as the following can be consumed when loading a `SavedModel`. This would result in a stack overflow during execution as resolving each `NodeDef` means resolving the function itself and its nodes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23591", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56703", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56828", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56824", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56839", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23591" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-100.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-100.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-155.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-155.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/448a16182065bd08a202d9057dd8ca541e67996c", "reference_id": "448a16182065bd08a202d9057dd8ca541e67996c", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:48Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/448a16182065bd08a202d9057dd8ca541e67996c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23591", "reference_id": "CVE-2022-23591", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23591" }, { "reference_url": "https://github.com/advisories/GHSA-247x-2f9f-5wp7", "reference_id": "GHSA-247x-2f9f-5wp7", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-247x-2f9f-5wp7" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-247x-2f9f-5wp7", "reference_id": "GHSA-247x-2f9f-5wp7", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:48Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-247x-2f9f-5wp7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23591", "CVE-2022-23591", "GHSA-247x-2f9f-5wp7", "PYSEC-2022-100", "PYSEC-2022-155" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ssxe-q1mn-p3e2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207946?format=api", "vulnerability_id": "VCID-t8k9-wwwn-gfec", "summary": "Division by zero in TFLite", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21741", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46382", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.4624", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46386", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46396", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21741" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-65.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-65.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-120.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-120.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/lite/kernels/depthwise_conv.cc#L96", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/lite/kernels/depthwise_conv.cc#L96" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/e5b0eec199c2d03de54fd6a7fd9275692218e2bc", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/e5b0eec199c2d03de54fd6a7fd9275692218e2bc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21741", "reference_id": "CVE-2022-21741", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21741" }, { "reference_url": "https://github.com/advisories/GHSA-428x-9xc2-m8mj", "reference_id": "GHSA-428x-9xc2-m8mj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-428x-9xc2-m8mj" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-428x-9xc2-m8mj", "reference_id": "GHSA-428x-9xc2-m8mj", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-428x-9xc2-m8mj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-21741", "CVE-2022-21741", "GHSA-428x-9xc2-m8mj", "PYSEC-2022-120", "PYSEC-2022-65" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t8k9-wwwn-gfec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/169545?format=api", "vulnerability_id": "VCID-tk66-wart-xken", "summary": "Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `ConcatV2` can be used to trigger a denial of service attack via a segfault caused by a type confusion. The `axis` argument is translated into `concat_dim` in the `ConcatShapeHelper` helper function. Then, a value for `min_rank` is computed based on `concat_dim`. This is then used to validate that the `values` tensor has at least the required rank. However, `WithRankAtLeast` receives the lower bound as a 64-bits value and then compares it against the maximum 32-bits integer value that could be represented. Due to the fact that `min_rank` is a 32-bits value and the value of `axis`, the `rank` argument is a negative value, so the error check is bypassed. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21731", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.54166", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.5417", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.5404", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.54183", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21731" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-55.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-55.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-110.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-110.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/08d7b00c0a5a20926363849f611729f53f3ec022", "reference_id": "08d7b00c0a5a20926363849f611729f53f3ec022", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/08d7b00c0a5a20926363849f611729f53f3ec022" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/framework/common_shape_fns.cc#L1961-L2059", "reference_id": "common_shape_fns.cc#L1961-L2059", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/framework/common_shape_fns.cc#L1961-L2059" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21731", "reference_id": "CVE-2022-21731", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21731" }, { "reference_url": "https://github.com/advisories/GHSA-m4hf-j54p-p353", "reference_id": "GHSA-m4hf-j54p-p353", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m4hf-j54p-p353" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m4hf-j54p-p353", "reference_id": "GHSA-m4hf-j54p-p353", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m4hf-j54p-p353" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/framework/shape_inference.cc#L345-L358", "reference_id": "shape_inference.cc#L345-L358", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/framework/shape_inference.cc#L345-L358" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-21731", "CVE-2022-21731", "GHSA-m4hf-j54p-p353", "PYSEC-2022-110", "PYSEC-2022-55" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tk66-wart-xken" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207934?format=api", "vulnerability_id": "VCID-tw68-9pn4-4yd1", "summary": "Null pointer dereference in TensorFlow", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21739", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44937", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44787", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44939", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44952", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21739" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-63.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-63.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-118.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-118.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/quantized_pooling_ops.cc#L114-L130", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/quantized_pooling_ops.cc#L114-L130" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/53b0dd6dc5957652f35964af16b892ec9af4a559", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/53b0dd6dc5957652f35964af16b892ec9af4a559" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21739", "reference_id": "CVE-2022-21739", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21739" }, { "reference_url": "https://github.com/advisories/GHSA-3mw4-6rj6-74g5", "reference_id": "GHSA-3mw4-6rj6-74g5", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3mw4-6rj6-74g5" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3mw4-6rj6-74g5", "reference_id": "GHSA-3mw4-6rj6-74g5", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3mw4-6rj6-74g5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-21739", "CVE-2022-21739", "GHSA-3mw4-6rj6-74g5", "PYSEC-2022-118", "PYSEC-2022-63" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tw68-9pn4-4yd1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163922?format=api", "vulnerability_id": "VCID-tzte-8zj8-ffge", "summary": "Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both `embedding_size` and `lookup_size` are products of values provided by the user. Hence, a malicious user could trigger overflows in the multiplication. In certain scenarios, this can then result in heap OOB read/write. Users are advised to upgrade to a patched version.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23559", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.67151", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.67256", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.67242", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23559" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-68.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-68.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-123.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-123.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/1de49725a5fc4e48f1a3b902ec3599ee99283043", "reference_id": "1de49725a5fc4e48f1a3b902ec3599ee99283043", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:41Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/1de49725a5fc4e48f1a3b902ec3599ee99283043" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/a4e401da71458d253b05e41f28637b65baf64be4", "reference_id": "a4e401da71458d253b05e41f28637b65baf64be4", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:41Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/a4e401da71458d253b05e41f28637b65baf64be4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23559", "reference_id": "CVE-2022-23559", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23559" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/kernels/embedding_lookup_sparse.cc#L179-L189", "reference_id": "embedding_lookup_sparse.cc#L179-L189", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:41Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/kernels/embedding_lookup_sparse.cc#L179-L189" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/f19be71717c497723ba0cea0379e84f061a75e01", "reference_id": "f19be71717c497723ba0cea0379e84f061a75e01", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:41Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/f19be71717c497723ba0cea0379e84f061a75e01" }, { "reference_url": "https://github.com/advisories/GHSA-98p5-x8x4-c9m5", "reference_id": "GHSA-98p5-x8x4-c9m5", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-98p5-x8x4-c9m5" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-98p5-x8x4-c9m5", "reference_id": "GHSA-98p5-x8x4-c9m5", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:41Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-98p5-x8x4-c9m5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23559", "CVE-2022-23559", "GHSA-98p5-x8x4-c9m5", "PYSEC-2022-123", "PYSEC-2022-68" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tzte-8zj8-ffge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/169889?format=api", "vulnerability_id": "VCID-uhe5-2fkb-hkfx", "summary": "Tensorflow is an Open Source Machine Learning Framework. The implementation of `UnravelIndex` is vulnerable to a division by zero caused by an integer overflow bug. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21729", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44864", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44866", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44713", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44879", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21729" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-53.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-53.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-108.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-108.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/58b34c6c8250983948b5a781b426f6aa01fd47af", "reference_id": "58b34c6c8250983948b5a781b426f6aa01fd47af", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:16Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/58b34c6c8250983948b5a781b426f6aa01fd47af" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21729", "reference_id": "CVE-2022-21729", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21729" }, { "reference_url": "https://github.com/advisories/GHSA-34f9-hjfq-rr8j", "reference_id": "GHSA-34f9-hjfq-rr8j", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-34f9-hjfq-rr8j" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-34f9-hjfq-rr8j", "reference_id": "GHSA-34f9-hjfq-rr8j", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:16Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-34f9-hjfq-rr8j" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/unravel_index_op.cc#L36-L135", "reference_id": "unravel_index_op.cc#L36-L135", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:16Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/unravel_index_op.cc#L36-L135" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-21729", "CVE-2022-21729", "GHSA-34f9-hjfq-rr8j", "PYSEC-2022-108", "PYSEC-2022-53" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uhe5-2fkb-hkfx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163931?format=api", "vulnerability_id": "VCID-us53-r1nf-vub1", "summary": "Tensorflow is an Open Source Machine Learning Framework. TensorFlow is vulnerable to a heap OOB write in `Grappler`. The `set_output` function writes to an array at the specified index. Hence, this gives a malicious user a write primitive. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23566", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.6065", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60652", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60545", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60661", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23566" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-75.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-75.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-130.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-130.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/97282c6d0d34476b6ba033f961590b783fa184cd", "reference_id": "97282c6d0d34476b6ba033f961590b783fa184cd", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:54Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/97282c6d0d34476b6ba033f961590b783fa184cd" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23566", "reference_id": "CVE-2022-23566", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23566" }, { "reference_url": "https://github.com/advisories/GHSA-5qw5-89mw-wcg2", "reference_id": "GHSA-5qw5-89mw-wcg2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5qw5-89mw-wcg2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5qw5-89mw-wcg2", "reference_id": "GHSA-5qw5-89mw-wcg2", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:54Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5qw5-89mw-wcg2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/costs/graph_properties.cc#L1132-L1141", "reference_id": "graph_properties.cc#L1132-L1141", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:54Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/costs/graph_properties.cc#L1132-L1141" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/shape_inference.h#L394", "reference_id": "shape_inference.h#L394", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:54Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/shape_inference.h#L394" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23566", "CVE-2022-23566", "GHSA-5qw5-89mw-wcg2", "PYSEC-2022-130", "PYSEC-2022-75" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-us53-r1nf-vub1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163785?format=api", "vulnerability_id": "VCID-v5hp-evdc-zbgq", "summary": "Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This is guarded by a `DCHECK`. However, `DCHECK` is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the dereferencing of the null pointer, whereas in the second case it results in a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23570", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00509", "scoring_system": "epss", "scoring_elements": "0.66872", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00509", "scoring_system": "epss", "scoring_elements": "0.66887", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00509", "scoring_system": "epss", "scoring_elements": "0.6678", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23570" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-79.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-79.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-134.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-134.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/8a513cec4bec15961fbfdedcaa5376522980455c", "reference_id": "8a513cec4bec15961fbfdedcaa5376522980455c", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:57Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/8a513cec4bec15961fbfdedcaa5376522980455c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23570", "reference_id": "CVE-2022-23570", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23570" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/full_type_util.cc#L104-L106", "reference_id": "full_type_util.cc#L104-L106", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:57Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/full_type_util.cc#L104-L106" }, { "reference_url": "https://github.com/advisories/GHSA-9p77-mmrw-69c7", "reference_id": "GHSA-9p77-mmrw-69c7", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9p77-mmrw-69c7" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9p77-mmrw-69c7", "reference_id": "GHSA-9p77-mmrw-69c7", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:57Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9p77-mmrw-69c7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23570", "CVE-2022-23570", "GHSA-9p77-mmrw-69c7", "PYSEC-2022-134", "PYSEC-2022-79" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v5hp-evdc-zbgq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163831?format=api", "vulnerability_id": "VCID-x2d1-kaa5-1ygy", "summary": "Tensorflow is an Open Source Machine Learning Framework. There is a typo in TensorFlow's `SpecializeType` which results in heap OOB read/write. Due to a typo, `arg` is initialized to the `i`th mutable argument in a loop where the loop index is `j`. Hence it is possible to assign to `arg` from outside the vector of arguments. Since this is a mutable proto value, it allows both read and write to outside of bounds data. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23574", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.53417", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.53419", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.53292", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.53432", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23574" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-83.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-83.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-138.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-138.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/0657c83d08845cc434175934c642299de2c0f042", "reference_id": "0657c83d08845cc434175934c642299de2c0f042", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:49Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/0657c83d08845cc434175934c642299de2c0f042" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23574", "reference_id": "CVE-2022-23574", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23574" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/full_type_util.cc#L81-L102", "reference_id": "full_type_util.cc#L81-L102", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:49Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/full_type_util.cc#L81-L102" }, { "reference_url": "https://github.com/advisories/GHSA-77gp-3h4r-6428", "reference_id": "GHSA-77gp-3h4r-6428", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-77gp-3h4r-6428" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-77gp-3h4r-6428", "reference_id": "GHSA-77gp-3h4r-6428", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:49Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-77gp-3h4r-6428" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23574", "CVE-2022-23574", "GHSA-77gp-3h4r-6428", "PYSEC-2022-138", "PYSEC-2022-83" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x2d1-kaa5-1ygy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163910?format=api", "vulnerability_id": "VCID-y17x-eeju-abdd", "summary": "Tensorflow is an Open Source Machine Learning Framework. The implementation of `AddManySparseToTensorsMap` is vulnerable to an integer overflow which results in a `CHECK`-fail when building new `TensorShape` objects (so, an assert failure based denial of service). We are missing some validation on the shapes of the input tensors as well as directly constructing a large `TensorShape` with user-provided dimensions. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23568", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.54166", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.5417", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.54183", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.5404", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23568" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-77.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-77.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-132.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-132.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/a68f68061e263a88321c104a6c911fe5598050a8", "reference_id": "a68f68061e263a88321c104a6c911fe5598050a8", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:24Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/a68f68061e263a88321c104a6c911fe5598050a8" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/b51b82fe65ebace4475e3c54eb089c18a4403f1c", "reference_id": "b51b82fe65ebace4475e3c54eb089c18a4403f1c", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:24Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/b51b82fe65ebace4475e3c54eb089c18a4403f1c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23568", "reference_id": "CVE-2022-23568", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23568" }, { "reference_url": "https://github.com/advisories/GHSA-6445-fm66-fvq2", "reference_id": "GHSA-6445-fm66-fvq2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6445-fm66-fvq2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6445-fm66-fvq2", "reference_id": "GHSA-6445-fm66-fvq2", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:24Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6445-fm66-fvq2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/sparse_tensors_map_ops.cc", "reference_id": "sparse_tensors_map_ops.cc", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:24Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/sparse_tensors_map_ops.cc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23568", "CVE-2022-23568", "GHSA-6445-fm66-fvq2", "PYSEC-2022-132", "PYSEC-2022-77" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y17x-eeju-abdd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/169682?format=api", "vulnerability_id": "VCID-z2d5-vjfc-jfej", "summary": "Tensorflow is an Open Source Machine Learning Framework. The implementation of `FractionalAvgPoolGrad` does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21730", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.55238", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.55226", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.55101", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.55222", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21730" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-54.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-54.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-109.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-109.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/002408c3696b173863228223d535f9de72a101a9", "reference_id": "002408c3696b173863228223d535f9de72a101a9", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:34Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/002408c3696b173863228223d535f9de72a101a9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21730", "reference_id": "CVE-2022-21730", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21730" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/fractional_avg_pool_op.cc#L209-L360", "reference_id": "fractional_avg_pool_op.cc#L209-L360", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:34Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/fractional_avg_pool_op.cc#L209-L360" }, { "reference_url": "https://github.com/advisories/GHSA-vjg4-v33c-ggc4", "reference_id": "GHSA-vjg4-v33c-ggc4", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vjg4-v33c-ggc4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vjg4-v33c-ggc4", "reference_id": "GHSA-vjg4-v33c-ggc4", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:34Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vjg4-v33c-ggc4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-21730", "CVE-2022-21730", "GHSA-vjg4-v33c-ggc4", "PYSEC-2022-109", "PYSEC-2022-54" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z2d5-vjfc-jfej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163917?format=api", "vulnerability_id": "VCID-zn66-cv24-37ek", "summary": "Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After `png::CommonFreeDecode(&decode)` gets called, the values of `decode.width` and `decode.height` are in an unspecified state. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23584", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.4898", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48965", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48963", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48827", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23584" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-93.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-93.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-148.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-148.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23584", "reference_id": "CVE-2022-23584", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23584" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/kernels/image/decode_image_op.cc#L339-L346", "reference_id": "decode_image_op.cc#L339-L346", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/kernels/image/decode_image_op.cc#L339-L346" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/e746adbfcfee15e9cfdb391ff746c765b99bdf9b", "reference_id": "e746adbfcfee15e9cfdb391ff746c765b99bdf9b", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/e746adbfcfee15e9cfdb391ff746c765b99bdf9b" }, { "reference_url": "https://github.com/advisories/GHSA-24x4-6qmh-88qg", "reference_id": "GHSA-24x4-6qmh-88qg", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-24x4-6qmh-88qg" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-24x4-6qmh-88qg", "reference_id": "GHSA-24x4-6qmh-88qg", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-24x4-6qmh-88qg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23584", "CVE-2022-23584", "GHSA-24x4-6qmh-88qg", "PYSEC-2022-148", "PYSEC-2022-93" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zn66-cv24-37ek" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163808?format=api", "vulnerability_id": "VCID-zrt8-h877-n3f9", "summary": "Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateOutputSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve tensors with large enough number of elements. We can have a large enough number of dimensions in `output_shape.dim()` or just a small number of dimensions being large enough to cause an overflow in the multiplication. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23576", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44864", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44866", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44713", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44879", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23576" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-85.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-85.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-140.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-140.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/b9bd6cfd1c50e6807846af9a86f9b83cafc9c8ae", "reference_id": "b9bd6cfd1c50e6807846af9a86f9b83cafc9c8ae", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:40Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/b9bd6cfd1c50e6807846af9a86f9b83cafc9c8ae" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23576", "reference_id": "CVE-2022-23576", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23576" }, { "reference_url": "https://github.com/advisories/GHSA-wm93-f238-7v37", "reference_id": "GHSA-wm93-f238-7v37", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wm93-f238-7v37" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wm93-f238-7v37", "reference_id": "GHSA-wm93-f238-7v37", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:40Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wm93-f238-7v37" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/costs/op_level_cost_estimator.cc#L1598-L1617", "reference_id": "op_level_cost_estimator.cc#L1598-L1617", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:40Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/costs/op_level_cost_estimator.cc#L1598-L1617" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23576", "CVE-2022-23576", "GHSA-wm93-f238-7v37", "PYSEC-2022-140", "PYSEC-2022-85" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zrt8-h877-n3f9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/169509?format=api", "vulnerability_id": "VCID-zs5c-v6vq-mqfp", "summary": "Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseCountSparseOutput` can be made to crash a TensorFlow process by an integer overflow whose result is then used in a memory allocation. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21738", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44866", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44879", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44864", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44713", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21738" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-62.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-62.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-117.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-117.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/6f4d3e8139ec724dbbcb40505891c81dd1052c4a", "reference_id": "6f4d3e8139ec724dbbcb40505891c81dd1052c4a", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:09Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/6f4d3e8139ec724dbbcb40505891c81dd1052c4a" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/count_ops.cc#L168-L273", "reference_id": "count_ops.cc#L168-L273", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:09Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/count_ops.cc#L168-L273" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21738", "reference_id": "CVE-2022-21738", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21738" }, { "reference_url": "https://github.com/advisories/GHSA-x4qx-4fjv-hmw6", "reference_id": "GHSA-x4qx-4fjv-hmw6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x4qx-4fjv-hmw6" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x4qx-4fjv-hmw6", "reference_id": "GHSA-x4qx-4fjv-hmw6", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:09Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x4qx-4fjv-hmw6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18949?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18955?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mawu-qayq-5uhc" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18953?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-162b-e4ey-kfb6" }, { "vulnerability": "VCID-18pt-kr33-2yer" }, { "vulnerability": "VCID-1g5k-pk73-xuag" }, { "vulnerability": "VCID-26bq-kxgk-zba5" }, { "vulnerability": "VCID-2bhy-rya4-g3ag" }, { "vulnerability": "VCID-2gju-dx21-gban" }, { "vulnerability": "VCID-2yfm-qasv-d7cm" }, { "vulnerability": "VCID-35b9-hd8e-y3g9" }, { "vulnerability": "VCID-3cnr-w5u6-fkf3" }, { "vulnerability": "VCID-3f8t-3shh-4yd3" }, { "vulnerability": "VCID-3kpb-9uen-27he" }, { "vulnerability": "VCID-3mne-q3yp-g7eg" }, { "vulnerability": "VCID-3muc-6x8b-kfb7" }, { "vulnerability": "VCID-3p9b-eym8-jkfp" }, { "vulnerability": "VCID-3q2y-wpjf-5fe4" }, { "vulnerability": "VCID-43qh-mkdk-8qdg" }, { "vulnerability": "VCID-44xr-jrtj-7kf9" }, { "vulnerability": "VCID-4r56-jkdr-6bg5" }, { "vulnerability": "VCID-4ugk-p8g3-wudu" }, { "vulnerability": "VCID-4y1h-6kgt-s7eq" }, { "vulnerability": "VCID-4yvv-9g6x-efgz" }, { "vulnerability": "VCID-5gxh-jraz-qqgt" }, { "vulnerability": "VCID-6bnz-371j-guax" }, { "vulnerability": "VCID-6d3g-yrc1-skgp" }, { "vulnerability": "VCID-6d4y-v122-pffp" }, { "vulnerability": "VCID-6ujk-5hn7-g7dj" }, { "vulnerability": "VCID-774w-x7x9-8kdb" }, { "vulnerability": "VCID-7jnw-mvw8-qbcw" }, { "vulnerability": "VCID-7wvn-8q7d-rygt" }, { "vulnerability": "VCID-7yn3-qktg-17fv" }, { "vulnerability": "VCID-86qh-ufqm-subt" }, { "vulnerability": "VCID-89g9-7u28-s3hw" }, { "vulnerability": "VCID-8h18-74sq-9uf1" }, { "vulnerability": "VCID-8kp4-8t2v-rkfn" }, { "vulnerability": "VCID-8mbh-74v8-57bn" }, { "vulnerability": "VCID-8sbz-f5av-gkgh" }, { "vulnerability": "VCID-8w84-59y3-6qgd" }, { "vulnerability": "VCID-8ygv-ub5q-tug5" }, { "vulnerability": "VCID-93t7-y91d-2fds" }, { "vulnerability": "VCID-9egf-vt4b-mkfe" }, { "vulnerability": "VCID-9f7c-q4z8-akd7" }, { "vulnerability": "VCID-aq4b-cxh4-pqgy" }, { "vulnerability": "VCID-bd7h-dc5y-ybhx" }, { "vulnerability": "VCID-bgms-c956-q3cv" }, { "vulnerability": "VCID-byq1-27p3-m7fq" }, { "vulnerability": "VCID-cp1r-46ub-8yg8" }, { "vulnerability": "VCID-cs1n-e4ng-wbhu" }, { "vulnerability": "VCID-css2-4pa4-87gx" }, { "vulnerability": "VCID-cuak-225n-4fc5" }, { "vulnerability": "VCID-cy8p-kwfp-dfdz" }, { "vulnerability": "VCID-dgzu-rtcf-sfdc" }, { "vulnerability": "VCID-egjs-r2ed-hbfe" }, { "vulnerability": "VCID-esen-w1rc-73du" }, { "vulnerability": "VCID-f186-75wf-3bd5" }, { "vulnerability": "VCID-f3tp-9q7p-7ycd" }, { "vulnerability": "VCID-f522-fb48-b3gc" }, { "vulnerability": "VCID-fujj-xc7u-ducv" }, { "vulnerability": "VCID-gdrm-e3tn-z3hk" }, { "vulnerability": "VCID-gkxw-ufq4-2ffz" }, { "vulnerability": "VCID-hp3e-kt3d-ykfr" }, { "vulnerability": "VCID-hs24-1u1m-7qbh" }, { "vulnerability": "VCID-j4sc-7ycd-vkc4" }, { "vulnerability": "VCID-j5b6-r9b1-17a6" }, { "vulnerability": "VCID-jb5e-3br8-nyau" }, { "vulnerability": "VCID-jc4n-4jfy-x7ez" }, { "vulnerability": "VCID-jg52-1he8-muhq" }, { "vulnerability": "VCID-jgys-5pnb-tkfk" }, { "vulnerability": "VCID-jhgz-re77-hkf5" }, { "vulnerability": "VCID-jw7z-91u8-23b4" }, { "vulnerability": "VCID-jwbd-47ef-xqa1" }, { "vulnerability": "VCID-k3fc-akkc-eyce" }, { "vulnerability": "VCID-k47c-gnm9-xugu" }, { "vulnerability": "VCID-kmfz-a4y6-5fc8" }, { "vulnerability": "VCID-kzzh-afnu-dqef" }, { "vulnerability": "VCID-mhv5-aphc-cfhn" }, { "vulnerability": "VCID-mjz8-5aee-8bhn" }, { "vulnerability": "VCID-mqxw-a8qv-mbee" }, { "vulnerability": "VCID-n8np-2f5x-abd4" }, { "vulnerability": "VCID-nktb-w1uc-zygy" }, { "vulnerability": "VCID-p36a-eb5k-rqgu" }, { "vulnerability": "VCID-pdfh-953s-skhm" }, { "vulnerability": "VCID-pgc2-gukr-r3dg" }, { "vulnerability": "VCID-pmvu-stzf-eqet" }, { "vulnerability": "VCID-pr47-unnv-d7a9" }, { "vulnerability": "VCID-q17s-hqkj-kkht" }, { "vulnerability": "VCID-r7qz-zsk3-sqaq" }, { "vulnerability": "VCID-r9t6-8fdd-hbab" }, { "vulnerability": "VCID-rasj-1k6m-1yce" }, { "vulnerability": "VCID-ryrd-4pn5-4ugh" }, { "vulnerability": "VCID-se4m-gfvh-sbds" }, { "vulnerability": "VCID-skd4-mkp3-ukef" }, { "vulnerability": "VCID-swe6-wcg7-5bgw" }, { "vulnerability": "VCID-szqg-mqkc-eqa7" }, { "vulnerability": "VCID-t5p3-jcbx-hfg7" }, { "vulnerability": "VCID-t8ye-2bn9-qkg1" }, { "vulnerability": "VCID-tn91-effk-ukcs" }, { "vulnerability": "VCID-tyjm-zqv9-gbft" }, { "vulnerability": "VCID-udh3-v17y-63c4" }, { "vulnerability": "VCID-unkw-ckgc-yqgv" }, { "vulnerability": "VCID-v1bb-9jk5-9kfw" }, { "vulnerability": "VCID-v2r1-wbmd-d7a1" }, { "vulnerability": "VCID-ve91-saat-hkeb" }, { "vulnerability": "VCID-vg3v-hjcr-uqc9" }, { "vulnerability": "VCID-vsep-b318-4ffr" }, { "vulnerability": "VCID-vw5d-2grk-fufy" }, { "vulnerability": "VCID-w4fy-epnu-5qhr" }, { "vulnerability": "VCID-w66u-chbb-j3dr" }, { "vulnerability": "VCID-w9te-1qez-xkbc" }, { "vulnerability": "VCID-wbyv-qzpx-ebfk" }, { "vulnerability": "VCID-wxuj-p9gb-hucm" }, { "vulnerability": "VCID-x2kn-8qsj-pbcs" }, { "vulnerability": "VCID-x9d4-r747-pugg" }, { "vulnerability": "VCID-xcqn-waa9-bkc3" }, { "vulnerability": "VCID-xcqv-4f46-zuhf" }, { "vulnerability": "VCID-xcst-tzxn-zfhm" }, { "vulnerability": "VCID-xdz6-dgwj-sbgz" }, { "vulnerability": "VCID-xnxz-krts-vufk" }, { "vulnerability": "VCID-xvbp-vvex-wqhd" }, { "vulnerability": "VCID-y2yd-5v7s-gqeg" }, { "vulnerability": "VCID-yj7a-18fe-myhb" }, { "vulnerability": "VCID-yjzz-juse-wydc" }, { "vulnerability": "VCID-yxby-zjey-suga" }, { "vulnerability": "VCID-z8s1-q6s7-13ev" }, { "vulnerability": "VCID-zbsj-e2vm-rfbe" }, { "vulnerability": "VCID-zg4x-t8ft-x3fh" }, { "vulnerability": "VCID-zhts-sben-buf6" }, { "vulnerability": "VCID-zpcr-vst7-v3e6" }, { "vulnerability": "VCID-zpxn-zz7d-k7d5" }, { "vulnerability": "VCID-ztrg-nfqg-r3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-21738", "CVE-2022-21738", "GHSA-x4qx-4fjv-hmw6", "PYSEC-2022-117", "PYSEC-2022-62" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zs5c-v6vq-mqfp" } ], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3" }