Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/26601?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "type": "pypi", "namespace": "", "name": "tensorflow-gpu", "version": "2.7.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102241?format=api", "vulnerability_id": "VCID-124y-9kpj-p7aj", "summary": "TensorFlow is an open source platform for machine learning. When `mlir::tfg::TFOp::nameAttr` receives null type list attributes, it crashes. We have patched the issue in GitHub commits 3a754740d5414e362512ee981eefba41561a63a6 and a0f0b9a21c9270930457095092f558fbad4c03e5. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36014", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.5643", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56478", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.5649", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56483", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36014" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ir/importexport/graphdef_import.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ir/importexport/graphdef_import.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/3a754740d5414e362512ee981eefba41561a63a6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/3a754740d5414e362512ee981eefba41561a63a6" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/a0f0b9a21c9270930457095092f558fbad4c03e5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/a0f0b9a21c9270930457095092f558fbad4c03e5" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7j3m-8g3c-9qqq", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7j3m-8g3c-9qqq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36014", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36014" }, { "reference_url": "https://github.com/advisories/GHSA-7j3m-8g3c-9qqq", "reference_id": "GHSA-7j3m-8g3c-9qqq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7j3m-8g3c-9qqq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-36014", "GHSA-7j3m-8g3c-9qqq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-124y-9kpj-p7aj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102271?format=api", "vulnerability_id": "VCID-1b48-dfec-4ycn", "summary": "TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ResizeNearestNeighborGrad` is given a large `size` input, it overflows. We have patched the issue in GitHub commit 00c821af032ba9e5f5fa3fe14690c8d28a657624. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41907", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35042", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35114", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35152", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35137", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41907" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/resize_nearest_neighbor_op.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:43Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/resize_nearest_neighbor_op.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/00c821af032ba9e5f5fa3fe14690c8d28a657624", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:43Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/00c821af032ba9e5f5fa3fe14690c8d28a657624" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-368v-7v32-52fx", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:43Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-368v-7v32-52fx" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41907", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41907" }, { "reference_url": "https://github.com/advisories/GHSA-368v-7v32-52fx", "reference_id": "GHSA-368v-7v32-52fx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-368v-7v32-52fx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148483?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "CVE-2022-41907", "GHSA-368v-7v32-52fx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1b48-dfec-4ycn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102210?format=api", "vulnerability_id": "VCID-1fjg-c139-1yf1", "summary": "TensorFlow is an open source platform for machine learning. If `QuantizedMatMul` is given nonscalar input for: `min_a`, `max_a`, `min_b`, or `max_b` It gives a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit aca766ac7693bf29ed0df55ad6bfcc78f35e7f48. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35973", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35973" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/aca766ac7693bf29ed0df55ad6bfcc78f35e7f48", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:27Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/aca766ac7693bf29ed0df55ad6bfcc78f35e7f48" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-689c-r7h2-fv9v", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:27Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-689c-r7h2-fv9v" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35973", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35973" }, { "reference_url": "https://github.com/advisories/GHSA-689c-r7h2-fv9v", "reference_id": "GHSA-689c-r7h2-fv9v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-689c-r7h2-fv9v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35973", "GHSA-689c-r7h2-fv9v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1fjg-c139-1yf1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102186?format=api", "vulnerability_id": "VCID-1g5s-7at3-ckfn", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, certain TFLite models that were created using TFLite model converter would crash when loaded in the TFLite interpreter. The culprit is that during quantization the scale of values could be greater than 1 but code was always assuming sub-unit scaling. Thus, since code was calling `QuantizeMultiplierSmallerThanOneExp`, the `TFLITE_CHECK_LT` assertion would trigger and abort the process. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29212", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.2828", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28262", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28303", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28352", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29212" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/lite/kernels/internal/quantization_util.cc#L114-L123", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:27Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/lite/kernels/internal/quantization_util.cc#L114-L123" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/a989426ee1346693cc015792f11d715f6944f2b8", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:27Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/a989426ee1346693cc015792f11d715f6944f2b8" }, { "reference_url": "https://github.com/tensorflow/tensorflow/issues/43661", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:27Z/" } ], "url": "https://github.com/tensorflow/tensorflow/issues/43661" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:27Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:27Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:27Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:27Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8wwm-6264-x792", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:27Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8wwm-6264-x792" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29212", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29212" }, { "reference_url": "https://github.com/advisories/GHSA-8wwm-6264-x792", "reference_id": "GHSA-8wwm-6264-x792", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8wwm-6264-x792" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "CVE-2022-29212", "GHSA-8wwm-6264-x792" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1g5s-7at3-ckfn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44733?format=api", "vulnerability_id": "VCID-1jte-hpg7-gydx", "summary": "Incorrect Comparison\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the stride and window size are not positive for `tf.raw_ops.AvgPoolGrad`, it can give a floating point exception. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25669", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42857", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42796", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.4287", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42881", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25669" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/1295ae4dbb52fe06b19733b0257e2340d7b63b8d", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:33:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/1295ae4dbb52fe06b19733b0257e2340d7b63b8d" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25669", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25669" }, { "reference_url": "https://github.com/advisories/GHSA-rcf8-g8jv-vg6p", "reference_id": "GHSA-rcf8-g8jv-vg6p", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rcf8-g8jv-vg6p" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rcf8-g8jv-vg6p", "reference_id": "GHSA-rcf8-g8jv-vg6p", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:33:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rcf8-g8jv-vg6p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64390?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.11.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/643972?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0" } ], "aliases": [ "CVE-2023-25669", "GHSA-rcf8-g8jv-vg6p" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1jte-hpg7-gydx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102248?format=api", "vulnerability_id": "VCID-1m8h-cgum-nkd2", "summary": "TensorFlow is an open source platform for machine learning. When converting transposed convolutions using per-channel weight quantization the converter segfaults and crashes the Python process. We have patched the issue in GitHub commit aa0b852a4588cea4d36b74feb05d93055540b450. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36027", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50355", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50405", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50423", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50416", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36027" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/aa0b852a4588cea4d36b74feb05d93055540b450", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:44:16Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/aa0b852a4588cea4d36b74feb05d93055540b450" }, { "reference_url": "https://github.com/tensorflow/tensorflow/issues/53767", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:44:16Z/" } ], "url": "https://github.com/tensorflow/tensorflow/issues/53767" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-79h2-q768-fpxr", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:44:16Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-79h2-q768-fpxr" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36027", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36027" }, { "reference_url": "https://github.com/advisories/GHSA-79h2-q768-fpxr", "reference_id": "GHSA-79h2-q768-fpxr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-79h2-q768-fpxr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-36027", "GHSA-79h2-q768-fpxr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1m8h-cgum-nkd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102274?format=api", "vulnerability_id": "VCID-1xee-v43t-c7c4", "summary": "TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.8.4, 2.9.3, and 2.10.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41910", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55599", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55649", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55661", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55655", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41910" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/a65411a1d69edfb16b25907ffb8f73556ce36bb7", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/a65411a1d69edfb16b25907ffb8f73556ce36bb7" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-frqp-wp83-qggv", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-frqp-wp83-qggv" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41910", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41910" }, { "reference_url": "https://github.com/advisories/GHSA-frqp-wp83-qggv", "reference_id": "GHSA-frqp-wp83-qggv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-frqp-wp83-qggv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148483?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "CVE-2022-41910", "GHSA-frqp-wp83-qggv", "GMS-2022-6997", "GMS-2022-7005", "GMS-2022-7013" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1xee-v43t-c7c4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102243?format=api", "vulnerability_id": "VCID-23fs-9e1j-tbdu", "summary": "TensorFlow is an open source platform for machine learning. When `tensorflow::full_type::SubstituteFromAttrs` receives a `FullTypeDef& t` that is not exactly three args, it triggers a `CHECK`-fail instead of returning a status. We have patched the issue in GitHub commit 6104f0d4091c260ce9352f9155f7e9b725eab012. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36016", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.61018", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.61063", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.61075", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.61067", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36016" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ops/math_ops.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:24Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ops/math_ops.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/6104f0d4091c260ce9352f9155f7e9b725eab012", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:24Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/6104f0d4091c260ce9352f9155f7e9b725eab012" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g468-qj8g-vcjc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:24Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g468-qj8g-vcjc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36016", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36016" }, { "reference_url": "https://github.com/advisories/GHSA-g468-qj8g-vcjc", "reference_id": "GHSA-g468-qj8g-vcjc", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g468-qj8g-vcjc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-36016", "GHSA-g468-qj8g-vcjc" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-23fs-9e1j-tbdu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102167?format=api", "vulnerability_id": "VCID-2ycd-39t1-zfhs", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.DeleteSessionTensor` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29194", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.2562", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25666", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25712", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25721", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29194" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/session_ops.cc#L128-L144", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/session_ops.cc#L128-L144" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/cff267650c6a1b266e4b4500f69fbc49cdd773c5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/cff267650c6a1b266e4b4500f69fbc49cdd773c5" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h5g4-ppwx-48q2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h5g4-ppwx-48q2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29194", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29194" }, { "reference_url": "https://github.com/advisories/GHSA-h5g4-ppwx-48q2", "reference_id": "GHSA-h5g4-ppwx-48q2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h5g4-ppwx-48q2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "CVE-2022-29194", "GHSA-h5g4-ppwx-48q2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2ycd-39t1-zfhs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102200?format=api", "vulnerability_id": "VCID-34ue-dphj-8ka5", "summary": "TensorFlow is an open source platform for machine learning. The implementation of `FractionalAvgPoolGrad` does not fully validate the input `orig_input_tensor_shape`. This results in an overflow that results in a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 03a659d7be9a1154fdf5eeac221e5950fec07dad. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35963", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35963" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/03a659d7be9a1154fdf5eeac221e5950fec07dad", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/03a659d7be9a1154fdf5eeac221e5950fec07dad" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-84jm-4cf3-9jfm", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-84jm-4cf3-9jfm" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35963", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35963" }, { "reference_url": "https://github.com/advisories/GHSA-84jm-4cf3-9jfm", "reference_id": "GHSA-84jm-4cf3-9jfm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-84jm-4cf3-9jfm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35963", "GHSA-84jm-4cf3-9jfm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-34ue-dphj-8ka5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44739?format=api", "vulnerability_id": "VCID-36ey-jnev-qqf8", "summary": "Incorrect Comparison\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a floating point exception in AudioSpectrogram. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25666", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17135", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17098", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17174", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1717", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25666" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/d0d4e779da0d0f56499c6fa5ba09f0a576cc6b14", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:40:27Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/d0d4e779da0d0f56499c6fa5ba09f0a576cc6b14" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25666", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25666" }, { "reference_url": "https://github.com/advisories/GHSA-f637-vh3r-vfh2", "reference_id": "GHSA-f637-vh3r-vfh2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f637-vh3r-vfh2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f637-vh3r-vfh2", "reference_id": "GHSA-f637-vh3r-vfh2", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:40:27Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f637-vh3r-vfh2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64390?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.11.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/643972?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0" } ], "aliases": [ "CVE-2023-25666", "GHSA-f637-vh3r-vfh2" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-36ey-jnev-qqf8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55592?format=api", "vulnerability_id": "VCID-37j3-cnw5-4fch", "summary": "TensorFlow has segfault in array_ops.upper_bound\n`array_ops.upper_bound` causes a segfault when not given a rank 2 tensor.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-33976", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11236", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.1127", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11278", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-33976" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/6fa05df43b00038b048f4f0e51ef522da6532fec", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T20:13:44Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/6fa05df43b00038b048f4f0e51ef522da6532fec" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/915884fdf5df34aaedd00fc6ace33a2cfdefa586", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T20:13:44Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/915884fdf5df34aaedd00fc6ace33a2cfdefa586" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33976", "reference_id": "CVE-2023-33976", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33976" }, { "reference_url": "https://github.com/advisories/GHSA-gjh7-xx4r-x345", "reference_id": "GHSA-gjh7-xx4r-x345", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gjh7-xx4r-x345" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gjh7-xx4r-x345", "reference_id": "GHSA-gjh7-xx4r-x345", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T20:13:44Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gjh7-xx4r-x345" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82289?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.12.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.1" } ], "aliases": [ "CVE-2023-33976", "GHSA-gjh7-xx4r-x345" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-37j3-cnw5-4fch" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102213?format=api", "vulnerability_id": "VCID-3dgz-dzdx-8kgz", "summary": "TensorFlow is an open source platform for machine learning. `FractionalMaxPoolGrad` validates its inputs with `CHECK` failures instead of with returning errors. If it gets incorrectly sized inputs, the `CHECK` failure can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 8741e57d163a079db05a7107a7609af70931def4. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35981", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35981" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/8741e57d163a079db05a7107a7609af70931def4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:17Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/8741e57d163a079db05a7107a7609af70931def4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vxv8-r8q2-63xw", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:17Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vxv8-r8q2-63xw" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35981", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35981" }, { "reference_url": "https://github.com/advisories/GHSA-vxv8-r8q2-63xw", "reference_id": "GHSA-vxv8-r8q2-63xw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vxv8-r8q2-63xw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35981", "GHSA-vxv8-r8q2-63xw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3dgz-dzdx-8kgz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102240?format=api", "vulnerability_id": "VCID-3ev9-u7cm-tbct", "summary": "TensorFlow is an open source platform for machine learning. When `mlir::tfg::GraphDefImporter::ConvertNodeDef` tries to convert NodeDefs without an op name, it crashes. We have patched the issue in GitHub commit a0f0b9a21c9270930457095092f558fbad4c03e5. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36013", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.4487", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44926", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44946", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.4494", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36013" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ir/importexport/graphdef_import.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ir/importexport/graphdef_import.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/a0f0b9a21c9270930457095092f558fbad4c03e5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/a0f0b9a21c9270930457095092f558fbad4c03e5" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-828c-5j5q-vrjq", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-828c-5j5q-vrjq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36013", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36013" }, { "reference_url": "https://github.com/advisories/GHSA-828c-5j5q-vrjq", "reference_id": "GHSA-828c-5j5q-vrjq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-828c-5j5q-vrjq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-36013", "GHSA-828c-5j5q-vrjq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3ev9-u7cm-tbct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102199?format=api", "vulnerability_id": "VCID-3jab-qtww-47eq", "summary": "TensorFlow is an open source platform for machine learning. In `core/kernels/list_kernels.cc's TensorListReserve`, `num_elements` is assumed to be a tensor of size 1. When a `num_elements` of more than 1 element is provided, then `tf.raw_ops.TensorListReserve` fails the `CHECK_EQ` in `CheckIsAlignedAndSingleElement`. We have patched the issue in GitHub commit b5f6fbfba76576202b72119897561e3bd4f179c7. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35960", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43227", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43285", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43309", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43299", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35960" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/c8ba76d48567aed347508e0552a257641931024d/tensorflow/core/kernels/list_kernels.cc#L322-L325", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:55Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/c8ba76d48567aed347508e0552a257641931024d/tensorflow/core/kernels/list_kernels.cc#L322-L325" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/b5f6fbfba76576202b72119897561e3bd4f179c7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:55Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/b5f6fbfba76576202b72119897561e3bd4f179c7" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v5xg-3q2c-c2r4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:55Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v5xg-3q2c-c2r4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35960", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35960" }, { "reference_url": "https://github.com/advisories/GHSA-v5xg-3q2c-c2r4", "reference_id": "GHSA-v5xg-3q2c-c2r4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v5xg-3q2c-c2r4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35960", "GHSA-v5xg-3q2c-c2r4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3jab-qtww-47eq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102183?format=api", "vulnerability_id": "VCID-3kva-8fv8-ukaa", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions (e.g., `CHECK_LT`, `CHECK_GT`, etc.) have an incorrect logic when comparing `size_t` and `int` values. Due to type conversion rules, several of the macros would trigger incorrectly. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29209", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26103", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26153", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26199", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26206", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29209" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/platform/default/logging.h", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/platform/default/logging.h" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/b917181c29b50cb83399ba41f4d938dc369109a1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/b917181c29b50cb83399ba41f4d938dc369109a1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/issues/55530", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/issues/55530" }, { "reference_url": "https://github.com/tensorflow/tensorflow/pull/55730", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/pull/55730" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f4rr-5m7v-wxcw", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f4rr-5m7v-wxcw" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29209", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29209" }, { "reference_url": "https://github.com/advisories/GHSA-f4rr-5m7v-wxcw", "reference_id": "GHSA-f4rr-5m7v-wxcw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f4rr-5m7v-wxcw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "CVE-2022-29209", "GHSA-f4rr-5m7v-wxcw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3kva-8fv8-ukaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102211?format=api", "vulnerability_id": "VCID-3rtn-hnmg-dugs", "summary": "TensorFlow is an open source platform for machine learning. If `QuantizeDownAndShrinkRange` is given nonscalar inputs for `input_min` or `input_max`, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 73ad1815ebcfeb7c051f9c2f7ab5024380ca8613. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35974", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35974" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/73ad1815ebcfeb7c051f9c2f7ab5024380ca8613", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/73ad1815ebcfeb7c051f9c2f7ab5024380ca8613" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vgvh-2pf4-jr2x", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vgvh-2pf4-jr2x" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35974", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35974" }, { "reference_url": "https://github.com/advisories/GHSA-vgvh-2pf4-jr2x", "reference_id": "GHSA-vgvh-2pf4-jr2x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vgvh-2pf4-jr2x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35974", "GHSA-vgvh-2pf4-jr2x" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3rtn-hnmg-dugs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102166?format=api", "vulnerability_id": "VCID-3v2x-fcff-2kfn", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.TensorSummaryV2` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29193", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15931", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15963", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.16006", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.16016", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29193" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/summary_tensor_op.cc#L33-L58", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/summary_tensor_op.cc#L33-L58" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/290bb05c80c327ed74fae1d089f1001b1e2a4ef7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/290bb05c80c327ed74fae1d089f1001b1e2a4ef7" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2p9q-h29j-3f5v", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2p9q-h29j-3f5v" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29193", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29193" }, { "reference_url": "https://github.com/advisories/GHSA-2p9q-h29j-3f5v", "reference_id": "GHSA-2p9q-h29j-3f5v", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2p9q-h29j-3f5v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "CVE-2022-29193", "GHSA-2p9q-h29j-3f5v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3v2x-fcff-2kfn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102254?format=api", "vulnerability_id": "VCID-42t9-hpd3-hufy", "summary": "TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ImageProjectiveTransformV2` is given a large output shape, it overflows. We have patched the issue in GitHub commit 8faa6ea692985dbe6ce10e1a3168e0bd60a723ba. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41886", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35196", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35277", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35313", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35303", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41886" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/image_ops.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/image_ops.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/8faa6ea692985dbe6ce10e1a3168e0bd60a723ba", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/8faa6ea692985dbe6ce10e1a3168e0bd60a723ba" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-54pp-c6pp-7fpx", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-54pp-c6pp-7fpx" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41886", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41886" }, { "reference_url": "https://github.com/advisories/GHSA-54pp-c6pp-7fpx", "reference_id": "GHSA-54pp-c6pp-7fpx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-54pp-c6pp-7fpx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148483?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "CVE-2022-41886", "GHSA-54pp-c6pp-7fpx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-42t9-hpd3-hufy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102224?format=api", "vulnerability_id": "VCID-4632-rf32-xfgg", "summary": "TensorFlow is an open source platform for machine learning. When `TensorListFromTensor` receives an `element_shape` of a rank greater than one, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 3db59a042a38f4338aa207922fa2f476e000a6ee. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35992", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35992" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/3db59a042a38f4338aa207922fa2f476e000a6ee", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/3db59a042a38f4338aa207922fa2f476e000a6ee" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9v8w-xmr4-wgxp", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9v8w-xmr4-wgxp" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35992", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35992" }, { "reference_url": "https://github.com/advisories/GHSA-9v8w-xmr4-wgxp", "reference_id": "GHSA-9v8w-xmr4-wgxp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9v8w-xmr4-wgxp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35992", "GHSA-9v8w-xmr4-wgxp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4632-rf32-xfgg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102206?format=api", "vulnerability_id": "VCID-4gct-hv2n-8fes", "summary": "TensorFlow is an open source platform for machine learning. The implementation of `Conv2DBackpropInput` requires `input_sizes` to be 4-dimensional. Otherwise, it gives a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 50156d547b9a1da0144d7babe665cf690305b33c. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35969", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35969" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/50156d547b9a1da0144d7babe665cf690305b33c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/50156d547b9a1da0144d7babe665cf690305b33c" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q2c3-jpmc-gfjx", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q2c3-jpmc-gfjx" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35969", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35969" }, { "reference_url": "https://github.com/advisories/GHSA-q2c3-jpmc-gfjx", "reference_id": "GHSA-q2c3-jpmc-gfjx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q2c3-jpmc-gfjx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35969", "GHSA-q2c3-jpmc-gfjx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4gct-hv2n-8fes" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102178?format=api", "vulnerability_id": "VCID-542f-yjje-zfad", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, there is a potential for segfault / denial of service in TensorFlow by calling `tf.compat.v1.*` ops which don't yet have support for quantized types, which was added after migration to TensorFlow 2.x. In these scenarios, since the kernel is missing, a `nullptr` value is passed to `ParseDimensionValue` for the `py_value` argument. Then, this is dereferenced, resulting in segfault. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29205", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18463", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18505", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18542", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.1854", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29205" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/eager/pywrap_tfe_src.cc#L296-L320", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/eager/pywrap_tfe_src.cc#L296-L320" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/eager/pywrap_tfe_src.cc#L480-L482", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/eager/pywrap_tfe_src.cc#L480-L482" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/237822b59fc504dda2c564787f5d3ad9c4aa62d9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/237822b59fc504dda2c564787f5d3ad9c4aa62d9" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-54ch-gjq5-4976", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-54ch-gjq5-4976" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29205", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29205" }, { "reference_url": "https://github.com/advisories/GHSA-54ch-gjq5-4976", "reference_id": "GHSA-54ch-gjq5-4976", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-54ch-gjq5-4976" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "CVE-2022-29205", "GHSA-54ch-gjq5-4976" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-542f-yjje-zfad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102201?format=api", "vulnerability_id": "VCID-5qdx-9g76-3ugr", "summary": "TensorFlow is an open source platform for machine learning. The implementation of `BlockLSTMGradV2` does not fully validate its inputs. This results in a a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 2a458fc4866505be27c62f81474ecb2b870498fa. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35964", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12644", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12691", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12731", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12727", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35964" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/2a458fc4866505be27c62f81474ecb2b870498fa", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/2a458fc4866505be27c62f81474ecb2b870498fa" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f7r5-q7cx-h668", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f7r5-q7cx-h668" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35964", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35964" }, { "reference_url": "https://github.com/advisories/GHSA-f7r5-q7cx-h668", "reference_id": "GHSA-f7r5-q7cx-h668", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f7r5-q7cx-h668" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35964", "GHSA-f7r5-q7cx-h668" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5qdx-9g76-3ugr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102244?format=api", "vulnerability_id": "VCID-5r5f-1mgp-x3hh", "summary": "TensorFlow is an open source platform for machine learning. If `Requantize` is given `input_min`, `input_max`, `requested_output_min`, `requested_output_max` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36017", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36017" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:57:48Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wqmc-pm8c-2jhc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:57:48Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wqmc-pm8c-2jhc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36017", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36017" }, { "reference_url": "https://github.com/advisories/GHSA-wqmc-pm8c-2jhc", "reference_id": "GHSA-wqmc-pm8c-2jhc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wqmc-pm8c-2jhc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-36017", "GHSA-wqmc-pm8c-2jhc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5r5f-1mgp-x3hh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102198?format=api", "vulnerability_id": "VCID-63yf-6n3f-uugw", "summary": "TensorFlow is an open source platform for machine learning. The implementation of `AvgPool3DGradOp` does not fully validate the input `orig_input_shape`. This results in an overflow that results in a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 9178ac9d6389bdc54638ab913ea0e419234d14eb. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35959", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35959" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/9178ac9d6389bdc54638ab913ea0e419234d14eb", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:58Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/9178ac9d6389bdc54638ab913ea0e419234d14eb" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wxjj-cgcx-r3vq", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:58Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wxjj-cgcx-r3vq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35959", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35959" }, { "reference_url": "https://github.com/advisories/GHSA-wxjj-cgcx-r3vq", "reference_id": "GHSA-wxjj-cgcx-r3vq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wxjj-cgcx-r3vq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35959", "GHSA-wxjj-cgcx-r3vq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-63yf-6n3f-uugw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102267?format=api", "vulnerability_id": "VCID-6aey-qzrr-9qdk", "summary": "TensorFlow is an open source platform for machine learning. Inputs `dense_features` or `example_state_data` not of rank 2 will trigger a `CHECK` fail in `SdcaOptimizer`. We have patched the issue in GitHub commit 80ff197d03db2a70c6a111f97dcdacad1b0babfa. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41899", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35627", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40253", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40337", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40334", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41899" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sdca_internal.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sdca_internal.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/80ff197d03db2a70c6a111f97dcdacad1b0babfa", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/80ff197d03db2a70c6a111f97dcdacad1b0babfa" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-27rc-728f-x5w2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-27rc-728f-x5w2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41899", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41899" }, { "reference_url": "https://github.com/advisories/GHSA-27rc-728f-x5w2", "reference_id": "GHSA-27rc-728f-x5w2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-27rc-728f-x5w2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148483?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "CVE-2022-41899", "GHSA-27rc-728f-x5w2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6aey-qzrr-9qdk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44751?format=api", "vulnerability_id": "VCID-6f4y-m6ca-nyf6", "summary": "NULL Pointer Dereference\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `ctx->step_containter()` is a null ptr, the Lookup function will be executed with a null pointer. A fix is included in TensorFlow 2.12.0 and 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25663", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.4301", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42948", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.43022", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.4303", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25663" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/239139d2ae6a81ae9ba499ad78b56d9b2931538a", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:38:12Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/239139d2ae6a81ae9ba499ad78b56d9b2931538a" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25663", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25663" }, { "reference_url": "https://github.com/advisories/GHSA-64jg-wjww-7c5w", "reference_id": "GHSA-64jg-wjww-7c5w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-64jg-wjww-7c5w" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-64jg-wjww-7c5w", "reference_id": "GHSA-64jg-wjww-7c5w", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:38:12Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-64jg-wjww-7c5w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64390?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.11.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/643972?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0" } ], "aliases": [ "CVE-2023-25663", "GHSA-64jg-wjww-7c5w" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6f4y-m6ca-nyf6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102228?format=api", "vulnerability_id": "VCID-6fzx-5d86-fqcg", "summary": "TensorFlow is an open source platform for machine learning. If `Conv2D` is given empty `input` and the `filter` and `padding` sizes are valid, the output is all-zeros. This causes division-by-zero floating point exceptions that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 611d80db29dd7b0cfb755772c69d60ae5bca05f9. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35996", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35996" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/611d80db29dd7b0cfb755772c69d60ae5bca05f9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/611d80db29dd7b0cfb755772c69d60ae5bca05f9" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q5jv-m6qw-5g37", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q5jv-m6qw-5g37" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35996", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35996" }, { "reference_url": "https://github.com/advisories/GHSA-q5jv-m6qw-5g37", "reference_id": "GHSA-q5jv-m6qw-5g37", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q5jv-m6qw-5g37" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35996", "GHSA-q5jv-m6qw-5g37" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6fzx-5d86-fqcg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44736?format=api", "vulnerability_id": "VCID-6yy3-r6mh-j3e8", "summary": "NULL Pointer Dereference\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `SparseSparseMaximum` is given invalid sparse tensors as inputs, it can give a null pointer error. A fix is included in TensorFlow version 2.12 and version 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25665", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31243", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31244", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31312", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31278", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25665" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/5e0ecfb42f5f65629fd7a4edd6c4afe7ff0feb04", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:30:58Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/5e0ecfb42f5f65629fd7a4edd6c4afe7ff0feb04" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25665", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25665" }, { "reference_url": "https://github.com/advisories/GHSA-558h-mq8x-7q9g", "reference_id": "GHSA-558h-mq8x-7q9g", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-558h-mq8x-7q9g" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-558h-mq8x-7q9g", "reference_id": "GHSA-558h-mq8x-7q9g", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:30:58Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-558h-mq8x-7q9g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64390?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.11.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/643972?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0" } ], "aliases": [ "CVE-2023-25665", "GHSA-558h-mq8x-7q9g" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6yy3-r6mh-j3e8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102270?format=api", "vulnerability_id": "VCID-71dj-4wgv-dkfa", "summary": "TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.8.4, 2.9.3, and 2.10.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41902", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53052", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53102", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53121", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53113", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41902" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:46:08Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/a65411a1d69edfb16b25907ffb8f73556ce36bb7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:46:08Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/a65411a1d69edfb16b25907ffb8f73556ce36bb7" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cg88-rpvp-cjv5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:46:08Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cg88-rpvp-cjv5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41902", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41902" }, { "reference_url": "https://github.com/advisories/GHSA-cg88-rpvp-cjv5", "reference_id": "GHSA-cg88-rpvp-cjv5", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cg88-rpvp-cjv5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148483?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "CVE-2022-41902", "GHSA-cg88-rpvp-cjv5", "GMS-2022-6995", "GMS-2022-7003", "GMS-2022-7011" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-71dj-4wgv-dkfa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102239?format=api", "vulnerability_id": "VCID-7qsc-g2q6-yyev", "summary": "TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is given empty function attributes, it crashes. We have patched the issue in GitHub commit ad069af92392efee1418c48ff561fd3070a03d7b. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36012", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.4076", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40813", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40843", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40838", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36012" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ir/importexport/functiondef_import.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ir/importexport/functiondef_import.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/ad069af92392efee1418c48ff561fd3070a03d7b", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/ad069af92392efee1418c48ff561fd3070a03d7b" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jvhc-5hhr-w3v5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jvhc-5hhr-w3v5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36012", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36012" }, { "reference_url": "https://github.com/advisories/GHSA-jvhc-5hhr-w3v5", "reference_id": "GHSA-jvhc-5hhr-w3v5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jvhc-5hhr-w3v5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-36012", "GHSA-jvhc-5hhr-w3v5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7qsc-g2q6-yyev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102171?format=api", "vulnerability_id": "VCID-8h8c-hzce-sqby", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SparseTensorToCSRSparseMatrix` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `dense_shape` is a vector and `indices` is a matrix (as part of requirements for sparse tensors) but there is no validation for this. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29198", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17638", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.1768", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17712", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17717", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29198" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/sparse/sparse_tensor_to_csr_sparse_matrix_op.cc#L65-L119", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/sparse/sparse_tensor_to_csr_sparse_matrix_op.cc#L65-L119" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/ea50a40e84f6bff15a0912728e35b657548cef11", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/ea50a40e84f6bff15a0912728e35b657548cef11" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mg66-qvc5-rm93", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mg66-qvc5-rm93" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29198", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29198" }, { "reference_url": "https://github.com/advisories/GHSA-mg66-qvc5-rm93", "reference_id": "GHSA-mg66-qvc5-rm93", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mg66-qvc5-rm93" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "CVE-2022-29198", "GHSA-mg66-qvc5-rm93" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8h8c-hzce-sqby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44752?format=api", "vulnerability_id": "VCID-8nt4-mp8z-b3et", "summary": "Double Free\nTensorFlow is an open source machine learning platform. Prior to versions 2.12.0 and 2.11.1, `nn_ops.fractional_avg_pool_v2` and `nn_ops.fractional_max_pool_v2` require the first and fourth elements of their parameter `pooling_ratio` to be equal to 1.0, as pooling on batch and channel dimensions is not supported. A fix is included in TensorFlow 2.12.0 and 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25801", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25139", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.2517", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.2522", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25235", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25801" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/ee50d1e00f81f62a4517453f721c634bbb478307", "reference_id": "", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T20:44:21Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/ee50d1e00f81f62a4517453f721c634bbb478307" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25801", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25801" }, { "reference_url": "https://github.com/advisories/GHSA-f49c-87jh-g47q", "reference_id": "GHSA-f49c-87jh-g47q", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f49c-87jh-g47q" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f49c-87jh-g47q", "reference_id": "GHSA-f49c-87jh-g47q", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T20:44:21Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f49c-87jh-g47q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64390?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.11.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/643972?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0" } ], "aliases": [ "CVE-2023-25801", "GHSA-f49c-87jh-g47q" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8nt4-mp8z-b3et" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102231?format=api", "vulnerability_id": "VCID-9tbn-pjhn-5bdk", "summary": "TensorFlow is an open source platform for machine learning. When `Conv2DBackpropInput` receives empty `out_backprop` inputs (e.g. `[3, 1, 0, 1]`), the current CPU/GPU kernels `CHECK` fail (one with dnnl, the other with cudnn). This can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 27a65a43cf763897fecfa5cdb5cc653fc5dd0346. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35999", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35999" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/27a65a43cf763897fecfa5cdb5cc653fc5dd0346", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:14Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/27a65a43cf763897fecfa5cdb5cc653fc5dd0346" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-37jf-mjv6-xfqw", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:14Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-37jf-mjv6-xfqw" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35999", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35999" }, { "reference_url": "https://github.com/advisories/GHSA-37jf-mjv6-xfqw", "reference_id": "GHSA-37jf-mjv6-xfqw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-37jf-mjv6-xfqw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35999", "GHSA-37jf-mjv6-xfqw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9tbn-pjhn-5bdk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102260?format=api", "vulnerability_id": "VCID-a2bj-bk9e-7fdw", "summary": "TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListConcat` is given `element_shape=[]`, it results segmentation fault which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit fc33f3dc4c14051a83eec6535b608abe1d355fde. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41891", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35627", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40253", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40337", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40334", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41891" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/list_kernels.h", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:16Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/list_kernels.h" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/fc33f3dc4c14051a83eec6535b608abe1d355fde", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:16Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/fc33f3dc4c14051a83eec6535b608abe1d355fde" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-66vq-54fq-6jvv", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:16Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-66vq-54fq-6jvv" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41891", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41891" }, { "reference_url": "https://github.com/advisories/GHSA-66vq-54fq-6jvv", "reference_id": "GHSA-66vq-54fq-6jvv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-66vq-54fq-6jvv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148483?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "CVE-2022-41891", "GHSA-66vq-54fq-6jvv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a2bj-bk9e-7fdw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102202?format=api", "vulnerability_id": "VCID-a5ey-dfsw-vfaz", "summary": "TensorFlow is an open source platform for machine learning. If `LowerBound` or `UpperBound` is given an empty`sorted_inputs` input, it results in a `nullptr` dereference, leading to a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bce3717eaef4f769019fd18e990464ca4a2efeea. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35965", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22637", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.2266", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22705", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.2272", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35965" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/bce3717eaef4f769019fd18e990464ca4a2efeea", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:50Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/bce3717eaef4f769019fd18e990464ca4a2efeea" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qxpx-j395-pw36", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:50Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qxpx-j395-pw36" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35965", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35965" }, { "reference_url": "https://github.com/advisories/GHSA-qxpx-j395-pw36", "reference_id": "GHSA-qxpx-j395-pw36", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qxpx-j395-pw36" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35965", "GHSA-qxpx-j395-pw36" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a5ey-dfsw-vfaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102214?format=api", "vulnerability_id": "VCID-ac5u-fzwq-k3bk", "summary": "TensorFlow is an open source platform for machine learning. If `SparseBincount` is given inputs for `indices`, `values`, and `dense_shape` that do not make a valid sparse tensor, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 40adbe4dd15b582b0210dfbf40c243a62f5119fa. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35982", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35982" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/40adbe4dd15b582b0210dfbf40c243a62f5119fa", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:14Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/40adbe4dd15b582b0210dfbf40c243a62f5119fa" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-397c-5g2j-qxpv", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:14Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-397c-5g2j-qxpv" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35982", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35982" }, { "reference_url": "https://github.com/advisories/GHSA-397c-5g2j-qxpv", "reference_id": "GHSA-397c-5g2j-qxpv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-397c-5g2j-qxpv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35982", "GHSA-397c-5g2j-qxpv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ac5u-fzwq-k3bk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102223?format=api", "vulnerability_id": "VCID-adbe-gm2b-g7h4", "summary": "TensorFlow is an open source platform for machine learning. When `TensorListScatter` and `TensorListScatterV2` receive an `element_shape` of a rank greater than one, they give a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit bb03fdf4aae944ab2e4b35c7daa051068a8b7f61. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35991", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.3463", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.34708", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.34744", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.34728", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35991" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/bb03fdf4aae944ab2e4b35c7daa051068a8b7f61", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/bb03fdf4aae944ab2e4b35c7daa051068a8b7f61" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vm7x-4qhj-rrcq", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vm7x-4qhj-rrcq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35991", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35991" }, { "reference_url": "https://github.com/advisories/GHSA-vm7x-4qhj-rrcq", "reference_id": "GHSA-vm7x-4qhj-rrcq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vm7x-4qhj-rrcq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35991", "GHSA-vm7x-4qhj-rrcq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-adbe-gm2b-g7h4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102237?format=api", "vulnerability_id": "VCID-an2q-1spn-gfgz", "summary": "TensorFlow is an open source platform for machine learning. When `tf.quantization.fake_quant_with_min_max_vars_gradient` receives input `min` or `max` that is nonscalar, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit f3cf67ac5705f4f04721d15e485e192bb319feed. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36005", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34842", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34917", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34953", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34938", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36005" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/f3cf67ac5705f4f04721d15e485e192bb319feed", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/f3cf67ac5705f4f04721d15e485e192bb319feed" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-r26c-679w-mrjm", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-r26c-679w-mrjm" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36005", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36005" }, { "reference_url": "https://github.com/advisories/GHSA-r26c-679w-mrjm", "reference_id": "GHSA-r26c-679w-mrjm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r26c-679w-mrjm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-36005", "GHSA-r26c-679w-mrjm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-an2q-1spn-gfgz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44744?format=api", "vulnerability_id": "VCID-b31k-j7yk-muhz", "summary": "Heap-based Buffer Overflow\nTensorFlow is an open source platform for machine learning. Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remote code execution. The fix will be included in TensorFlow version 2.12.0 and will also cherrypick this commit on TensorFlow version 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25668", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01465", "scoring_system": "epss", "scoring_elements": "0.81255", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01465", "scoring_system": "epss", "scoring_elements": "0.81228", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01465", "scoring_system": "epss", "scoring_elements": "0.81256", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01465", "scoring_system": "epss", "scoring_elements": "0.81258", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25668" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-19T20:32:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25668", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25668" }, { "reference_url": "https://github.com/advisories/GHSA-gw97-ff7c-9v96", "reference_id": "GHSA-gw97-ff7c-9v96", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gw97-ff7c-9v96" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96", "reference_id": "GHSA-gw97-ff7c-9v96", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-19T20:32:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64390?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.11.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/643972?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0" } ], "aliases": [ "CVE-2023-25668", "GHSA-gw97-ff7c-9v96" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b31k-j7yk-muhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102173?format=api", "vulnerability_id": "VCID-b51p-mfd9-fqge", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.LSTMBlockCell` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code does not validate the ranks of any of the arguments to this API call. This results in `CHECK`-failures when the elements of the tensor are accessed. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29200", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17638", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.1768", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17712", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17717", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29200" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/rnn/lstm_ops.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/rnn/lstm_ops.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/803404044ae7a1efac48ba82d74111fce1ddb09a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/803404044ae7a1efac48ba82d74111fce1ddb09a" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2vv3-56qg-g2cf", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2vv3-56qg-g2cf" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29200", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29200" }, { "reference_url": "https://github.com/advisories/GHSA-2vv3-56qg-g2cf", "reference_id": "GHSA-2vv3-56qg-g2cf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2vv3-56qg-g2cf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "CVE-2022-29200", "GHSA-2vv3-56qg-g2cf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b51p-mfd9-fqge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102234?format=api", "vulnerability_id": "VCID-b6g8-7vy6-gqh7", "summary": "TensorFlow is an open source platform for machine learning. When `Unbatch` receives a nonscalar input `id`, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 4419d10d576adefa36b0e0a9425d2569f7c0189f. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36002", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33007", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33087", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33125", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33111", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36002" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/4419d10d576adefa36b0e0a9425d2569f7c0189f", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/4419d10d576adefa36b0e0a9425d2569f7c0189f" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mh3m-62v7-68xg", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mh3m-62v7-68xg" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36002", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36002" }, { "reference_url": "https://github.com/advisories/GHSA-mh3m-62v7-68xg", "reference_id": "GHSA-mh3m-62v7-68xg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mh3m-62v7-68xg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-36002", "GHSA-mh3m-62v7-68xg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b6g8-7vy6-gqh7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102172?format=api", "vulnerability_id": "VCID-bckg-ymqp-eyg6", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.LoadAndRemapMatrix does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `initializing_values` is a vector but there is no validation for this before accessing its value. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29199", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17573", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17613", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17646", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17652", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29199" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/load_and_remap_matrix_op.cc#L70-L98", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:29Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/load_and_remap_matrix_op.cc#L70-L98" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/3150642acbbe254e3c3c5d2232143fa591855ac9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:29Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/3150642acbbe254e3c3c5d2232143fa591855ac9" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:29Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:29Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:29Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:29Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p9rc-rmr5-529j", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:29Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p9rc-rmr5-529j" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29199", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29199" }, { "reference_url": "https://github.com/advisories/GHSA-p9rc-rmr5-529j", "reference_id": "GHSA-p9rc-rmr5-529j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p9rc-rmr5-529j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "CVE-2022-29199", "GHSA-p9rc-rmr5-529j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bckg-ymqp-eyg6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102185?format=api", "vulnerability_id": "VCID-bhtq-drn4-pqfw", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.histogram_fixed_width` is vulnerable to a crash when the values array contain `Not a Number` (`NaN`) elements. The implementation assumes that all floating point operations are defined and then converts a floating point result to an integer index. If `values` contains `NaN` then the result of the division is still `NaN` and the cast to `int32` would result in a crash. This only occurs on the CPU implementation. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29211", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27409", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27387", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27426", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27476", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29211" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/histogram_op.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:24Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/histogram_op.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/histogram_op.cc#L35-L74", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:24Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/histogram_op.cc#L35-L74" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/e57fd691c7b0fd00ea3bfe43444f30c1969748b5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:24Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/e57fd691c7b0fd00ea3bfe43444f30c1969748b5" }, { "reference_url": "https://github.com/tensorflow/tensorflow/issues/45770", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:24Z/" } ], "url": "https://github.com/tensorflow/tensorflow/issues/45770" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:24Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:24Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:24Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:24Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xrp2-fhq4-4q3w", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:24Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xrp2-fhq4-4q3w" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29211", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29211" }, { "reference_url": "https://github.com/advisories/GHSA-xrp2-fhq4-4q3w", "reference_id": "GHSA-xrp2-fhq4-4q3w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xrp2-fhq4-4q3w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "CVE-2022-29211", "GHSA-xrp2-fhq4-4q3w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bhtq-drn4-pqfw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102175?format=api", "vulnerability_id": "VCID-bjcs-f4yp-skc3", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.ragged.constant` does not fully validate the input arguments. This results in a denial of service by consuming all available memory. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29202", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20303", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20327", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20366", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20376", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29202" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/ops/ragged/ragged_factory_ops.py#L146-L239", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/ops/ragged/ragged_factory_ops.py#L146-L239" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/bd4d5583ff9c8df26d47a23e508208844297310e", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/bd4d5583ff9c8df26d47a23e508208844297310e" }, { "reference_url": "https://github.com/tensorflow/tensorflow/issues/55199", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/issues/55199" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cwpm-f78v-7m5c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cwpm-f78v-7m5c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29202", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29202" }, { "reference_url": "https://github.com/advisories/GHSA-cwpm-f78v-7m5c", "reference_id": "GHSA-cwpm-f78v-7m5c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cwpm-f78v-7m5c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "CVE-2022-29202", "GHSA-cwpm-f78v-7m5c" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bjcs-f4yp-skc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102265?format=api", "vulnerability_id": "VCID-bmq7-ywhj-w3ap", "summary": "TensorFlow is an open source platform for machine learning. If `FractionMaxPoolGrad` is given outsize inputs `row_pooling_sequence` and `col_pooling_sequence`, TensorFlow will crash. We have patched the issue in GitHub commit d71090c3e5ca325bdf4b02eb236cfb3ee823e927. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41897", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35196", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35277", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35313", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35303", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41897" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/fractional_max_pool_op.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:01Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/fractional_max_pool_op.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/d71090c3e5ca325bdf4b02eb236cfb3ee823e927", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:01Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/d71090c3e5ca325bdf4b02eb236cfb3ee823e927" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f2w8-jw48-fr7j", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:01Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f2w8-jw48-fr7j" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41897", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41897" }, { "reference_url": "https://github.com/advisories/GHSA-f2w8-jw48-fr7j", "reference_id": "GHSA-f2w8-jw48-fr7j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f2w8-jw48-fr7j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148483?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "CVE-2022-41897", "GHSA-f2w8-jw48-fr7j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bmq7-ywhj-w3ap" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102238?format=api", "vulnerability_id": "VCID-budt-6suv-87fk", "summary": "TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is given empty function attributes, it gives a null dereference. We have patched the issue in GitHub commit 1cf45b831eeb0cab8655c9c7c5d06ec6f45fc41b. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36011", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22637", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.2266", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22705", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.2272", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36011" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/1cf45b831eeb0cab8655c9c7c5d06ec6f45fc41b", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/1cf45b831eeb0cab8655c9c7c5d06ec6f45fc41b" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fv43-93gv-vm8f", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fv43-93gv-vm8f" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36011", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36011" }, { "reference_url": "https://github.com/advisories/GHSA-fv43-93gv-vm8f", "reference_id": "GHSA-fv43-93gv-vm8f", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fv43-93gv-vm8f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-36011", "GHSA-fv43-93gv-vm8f" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-budt-6suv-87fk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44743?format=api", "vulnerability_id": "VCID-c1qd-61t7-2fe3", "summary": "Integer Overflow or Wraparound\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, integer overflow occurs when `2^31 <= num_frames * height * width * channels < 2^32`, for example Full HD screencast of at least 346 frames. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25667", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43639", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43581", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43652", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43663", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25667" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/8dc723fcdd1a6127d6c970bd2ecb18b019a1a58d", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:39:37Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/8dc723fcdd1a6127d6c970bd2ecb18b019a1a58d" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25667", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25667" }, { "reference_url": "https://github.com/advisories/GHSA-fqm2-gh8w-gr68", "reference_id": "GHSA-fqm2-gh8w-gr68", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fqm2-gh8w-gr68" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqm2-gh8w-gr68", "reference_id": "GHSA-fqm2-gh8w-gr68", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:39:37Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqm2-gh8w-gr68" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64390?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.11.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/643972?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0" } ], "aliases": [ "CVE-2023-25667", "GHSA-fqm2-gh8w-gr68" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c1qd-61t7-2fe3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102176?format=api", "vulnerability_id": "VCID-c7xx-8n31-dkd8", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SpaceToBatchND` (in all backends such as XLA and handwritten kernels) is vulnerable to an integer overflow: The result of this integer overflow is used to allocate the output tensor, hence we get a denial of service via a `CHECK`-failure (assertion failure), as in TFSA-2021-198. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29203", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17786", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17826", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17861", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17864", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29203" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:42Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/acd56b8bcb72b163c834ae4f18469047b001fadf", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:42Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/acd56b8bcb72b163c834ae4f18469047b001fadf" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:42Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:42Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:42Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:42Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jjm6-4vf7-cjh4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:42Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jjm6-4vf7-cjh4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29203", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29203" }, { "reference_url": "https://github.com/advisories/GHSA-jjm6-4vf7-cjh4", "reference_id": "GHSA-jjm6-4vf7-cjh4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jjm6-4vf7-cjh4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "CVE-2022-29203", "GHSA-jjm6-4vf7-cjh4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c7xx-8n31-dkd8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102235?format=api", "vulnerability_id": "VCID-cnnv-k1mq-bycd", "summary": "TensorFlow is an open source platform for machine learning. When `RandomPoissonV2` receives large input shape and rates, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 552bfced6ce4809db5f3ca305f60ff80dd40c5a3. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36003", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33007", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33087", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33125", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33111", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36003" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/552bfced6ce4809db5f3ca305f60ff80dd40c5a3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/552bfced6ce4809db5f3ca305f60ff80dd40c5a3" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cv2p-32v3-vhwq", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cv2p-32v3-vhwq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36003", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36003" }, { "reference_url": "https://github.com/advisories/GHSA-cv2p-32v3-vhwq", "reference_id": "GHSA-cv2p-32v3-vhwq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cv2p-32v3-vhwq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-36003", "GHSA-cv2p-32v3-vhwq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cnnv-k1mq-bycd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44730?format=api", "vulnerability_id": "VCID-cvdm-ubbq-63ew", "summary": "NULL Pointer Dereference\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when the parameter `summarize` of `tf.raw_ops.Print` is zero, the new method `SummarizeArray<bool>` will reference to a nullptr, leading to a seg fault. A fix is included in TensorFlow version 2.12 and version 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25660", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47275", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47226", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47291", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47293", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25660" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/6d423b8bcc9aa9f5554dc988c1c16d038b508df1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:30:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/6d423b8bcc9aa9f5554dc988c1c16d038b508df1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25660", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25660" }, { "reference_url": "https://github.com/advisories/GHSA-qjqc-vqcf-5qvj", "reference_id": "GHSA-qjqc-vqcf-5qvj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qjqc-vqcf-5qvj" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qjqc-vqcf-5qvj", "reference_id": "GHSA-qjqc-vqcf-5qvj", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:30:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qjqc-vqcf-5qvj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64390?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.11.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/643972?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0" } ], "aliases": [ "CVE-2023-25660", "GHSA-qjqc-vqcf-5qvj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cvdm-ubbq-63ew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102193?format=api", "vulnerability_id": "VCID-d1xg-zvu2-pfcf", "summary": "TensorFlow is an open source platform for machine learning. The `ScatterNd` function takes an input argument that determines the indices of of the output tensor. An input index greater than the output tensor or less than zero will either write content at the wrong index or trigger a crash. We have patched the issue in GitHub commit b4d4b4cb019bd7240a52daa4ba61e3cc814f0384. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35939", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00231", "scoring_system": "epss", "scoring_elements": "0.46057", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00231", "scoring_system": "epss", "scoring_elements": "0.46008", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00231", "scoring_system": "epss", "scoring_elements": "0.46076", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00231", "scoring_system": "epss", "scoring_elements": "0.46078", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35939" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/266558ac4c1f361e9a178ee9d3f0ce2e648ae499/tensorflow/lite/kernels/internal/reference/reference_ops.h#L659-L698", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:11Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/266558ac4c1f361e9a178ee9d3f0ce2e648ae499/tensorflow/lite/kernels/internal/reference/reference_ops.h#L659-L698" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/b4d4b4cb019bd7240a52daa4ba61e3cc814f0384", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:11Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/b4d4b4cb019bd7240a52daa4ba61e3cc814f0384" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-ffjm-4qwc-7cmf", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:11Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-ffjm-4qwc-7cmf" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35939", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35939" }, { "reference_url": "https://github.com/advisories/GHSA-ffjm-4qwc-7cmf", "reference_id": "GHSA-ffjm-4qwc-7cmf", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ffjm-4qwc-7cmf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35939", "GHSA-ffjm-4qwc-7cmf" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d1xg-zvu2-pfcf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36005?format=api", "vulnerability_id": "VCID-d3k4-z4f1-hfhy", "summary": "Tensorflow is an Open Source Machine Learning Framework. TensorFlow's type inference can cause a heap out of bounds read as the bounds checking is done in a `DCHECK` (which is a no-op during production). An attacker can control the `input_idx` variable such that `ix` would be larger than the number of values in `node_t.args`. The fix will be included in TensorFlow 2.8.0. This is the only affected version.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23592", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54967", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.55024", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.55033", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.55025", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23592" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-101.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-101.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-156.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-156.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/core/graph/graph.cc#L223-L229", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:19Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/core/graph/graph.cc#L223-L229" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/c99d98cd189839dcf51aee94e7437b54b31f8abd", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:19Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/c99d98cd189839dcf51aee94e7437b54b31f8abd" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vq36-27g6-p492", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:19Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vq36-27g6-p492" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23592", "reference_id": "CVE-2022-23592", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23592" }, { "reference_url": "https://github.com/advisories/GHSA-vq36-27g6-p492", "reference_id": "GHSA-vq36-27g6-p492", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vq36-27g6-p492" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26606?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-rth4-8c4m-f3gd" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.0" } ], "aliases": [ "BIT-tensorflow-2022-23592", "CVE-2022-23592", "GHSA-vq36-27g6-p492", "PYSEC-2022-101", "PYSEC-2022-156" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d3k4-z4f1-hfhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44746?format=api", "vulnerability_id": "VCID-dftm-vs4w-kfag", "summary": "Heap-based Buffer Overflow\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a heap buffer overflow in TAvgPoolGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25664", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25626", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25581", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25683", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25674", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25664" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/ddaac2bdd099bec5d7923dea45276a7558217e5b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:38:56Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/ddaac2bdd099bec5d7923dea45276a7558217e5b" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25664", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25664" }, { "reference_url": "https://github.com/advisories/GHSA-6hg6-5c2q-7rcr", "reference_id": "GHSA-6hg6-5c2q-7rcr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6hg6-5c2q-7rcr" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hg6-5c2q-7rcr", "reference_id": "GHSA-6hg6-5c2q-7rcr", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:38:56Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hg6-5c2q-7rcr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64390?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.11.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/643972?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0" } ], "aliases": [ "CVE-2023-25664", "GHSA-6hg6-5c2q-7rcr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dftm-vs4w-kfag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102257?format=api", "vulnerability_id": "VCID-dvpe-15m7-puh4", "summary": "TensorFlow is an open source platform for machine learning. If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a `nullptr`, which is not caught. An example can be seen in `tf.compat.v1.extract_volume_patches` by passing in quantized tensors as input `ksizes`. We have patched the issue in GitHub commit e9e95553e5411834d215e6770c81a83a3d0866ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41889", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31038", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31036", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.3107", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31103", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41889" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/generate_box_proposals_op.cu.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:23Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/generate_box_proposals_op.cu.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/e9e95553e5411834d215e6770c81a83a3d0866ce", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:23Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/e9e95553e5411834d215e6770c81a83a3d0866ce" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xxcj-rhqg-m46g", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:23Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xxcj-rhqg-m46g" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41889", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41889" }, { "reference_url": "https://github.com/advisories/GHSA-xxcj-rhqg-m46g", "reference_id": "GHSA-xxcj-rhqg-m46g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xxcj-rhqg-m46g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148483?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "CVE-2022-41889", "GHSA-xxcj-rhqg-m46g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dvpe-15m7-puh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/110201?format=api", "vulnerability_id": "VCID-e8a2-ny5z-73au", "summary": "`CHECK` failure in `SobolSample` via missing validation\n### Impact\nAnother instance of CVE-2022-35935, where `SobolSample` is vulnerable to a denial of service via assumed scalar inputs, was found and fixed.\n```python\nimport tensorflow as tf\ntf.raw_ops.SobolSample(dim=tf.constant([1,0]), num_results=tf.constant([1]), skip=tf.constant([1]))\n```\n\n### Patches\nWe have patched the issue in GitHub commits [c65c67f88ad770662e8f191269a907bf2b94b1bf](https://github.com/tensorflow/tensorflow/commit/c65c67f88ad770662e8f191269a907bf2b94b1bf) and [02400ea266bd811fc016a848445de1bbff3a23a0](https://github.com/tensorflow/tensorflow/commit/02400ea266bd811fc016a848445de1bbff3a23a0)\n\nThe fix will be included in TensorFlow 2.11. We will also cherrypick both commits on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. TensorFlow 2.7.4 will have the first commit cherrypicked.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by:\n- Kang Hong Jin from Singapore Management University\n- Neophytos Christou, Secure Systems Labs, Brown University\n- 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology\n- Pattarakrit Rattankul", "references": [ { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cqvq-fvhr-v6hc", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cqvq-fvhr-v6hc" }, { "reference_url": "https://github.com/advisories/GHSA-cqvq-fvhr-v6hc", "reference_id": "GHSA-cqvq-fvhr-v6hc", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cqvq-fvhr-v6hc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148483?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "GHSA-cqvq-fvhr-v6hc", "GMS-2022-6996", "GMS-2022-7004", "GMS-2022-7012" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e8a2-ny5z-73au" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102187?format=api", "vulnerability_id": "VCID-efrr-vytn-nbfk", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the `tf.compat.v1.signal.rfft2d` and `tf.compat.v1.signal.rfft3d` lack input validation and under certain condition can result in crashes (due to `CHECK`-failures). Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29213", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.2828", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28262", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28303", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28352", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29213" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/0a8a781e597b18ead006d19b7d23d0a369e9ad73", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:18Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/0a8a781e597b18ead006d19b7d23d0a369e9ad73" }, { "reference_url": "https://github.com/tensorflow/tensorflow/issues/55263", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:18Z/" } ], "url": "https://github.com/tensorflow/tensorflow/issues/55263" }, { "reference_url": "https://github.com/tensorflow/tensorflow/pull/55274", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:18Z/" } ], "url": "https://github.com/tensorflow/tensorflow/pull/55274" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:18Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:18Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:18Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:18Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5889-7v45-q28m", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:18Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5889-7v45-q28m" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29213", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29213" }, { "reference_url": "https://github.com/advisories/GHSA-5889-7v45-q28m", "reference_id": "GHSA-5889-7v45-q28m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5889-7v45-q28m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "CVE-2022-29213", "GHSA-5889-7v45-q28m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-efrr-vytn-nbfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102269?format=api", "vulnerability_id": "VCID-ekmw-8ekq-1bfq", "summary": "TensorFlow is an open source platform for machine learning. An input `sparse_matrix` that is not a matrix with a shape with rank 0 will trigger a `CHECK` fail in `tf.raw_ops.SparseMatrixNNZ`. We have patched the issue in GitHub commit f856d02e5322821aad155dad9b3acab1e9f5d693. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41901", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.52276", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.57725", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.57785", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.57777", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41901" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sparse/sparse_matrix.h", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sparse/sparse_matrix.h" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/f856d02e5322821aad155dad9b3acab1e9f5d693", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/f856d02e5322821aad155dad9b3acab1e9f5d693" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9fm-r5mm-rf9f", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9fm-r5mm-rf9f" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41901", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41901" }, { "reference_url": "https://github.com/advisories/GHSA-g9fm-r5mm-rf9f", "reference_id": "GHSA-g9fm-r5mm-rf9f", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g9fm-r5mm-rf9f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148483?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "CVE-2022-41901", "GHSA-g9fm-r5mm-rf9f" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ekmw-8ekq-1bfq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102215?format=api", "vulnerability_id": "VCID-eqjg-vnm4-pbgx", "summary": "TensorFlow is an open source platform for machine learning. If `Save` or `SaveSlices` is run over tensors of an unsupported `dtype`, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 5dd7b86b84a864b834c6fa3d7f9f51c87efa99d4. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35983", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35983" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/5dd7b86b84a864b834c6fa3d7f9f51c87efa99d4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/5dd7b86b84a864b834c6fa3d7f9f51c87efa99d4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m6vp-8q9j-whx4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m6vp-8q9j-whx4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35983", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35983" }, { "reference_url": "https://github.com/advisories/GHSA-m6vp-8q9j-whx4", "reference_id": "GHSA-m6vp-8q9j-whx4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m6vp-8q9j-whx4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35983", "GHSA-m6vp-8q9j-whx4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eqjg-vnm4-pbgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102220?format=api", "vulnerability_id": "VCID-eqp9-vbjw-uye1", "summary": "TensorFlow is an open source platform for machine learning. When `tf.linalg.matrix_rank` receives an empty input `a`, the GPU kernel gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit c55b476aa0e0bd4ee99d0f3ad18d9d706cd1260a. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35988", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22403", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22426", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22475", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22487", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35988" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/c55b476aa0e0bd4ee99d0f3ad18d9d706cd1260a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:11Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/c55b476aa0e0bd4ee99d0f3ad18d9d706cd1260a" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9vqj-64pv-w55c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:11Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9vqj-64pv-w55c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35988", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35988" }, { "reference_url": "https://github.com/advisories/GHSA-9vqj-64pv-w55c", "reference_id": "GHSA-9vqj-64pv-w55c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9vqj-64pv-w55c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35988", "GHSA-9vqj-64pv-w55c" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eqp9-vbjw-uye1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102261?format=api", "vulnerability_id": "VCID-eseh-ekjx-yffk", "summary": "TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListResize` is given a nonscalar value for input `size`, it results `CHECK` fail which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 888e34b49009a4e734c27ab0c43b0b5102682c56. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41893", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41205", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41255", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41286", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41282", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41893" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/list_kernels.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:13Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/list_kernels.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/888e34b49009a4e734c27ab0c43b0b5102682c56", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:13Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/888e34b49009a4e734c27ab0c43b0b5102682c56" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-67pf-62xr-q35m", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:13Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-67pf-62xr-q35m" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41893", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41893" }, { "reference_url": "https://github.com/advisories/GHSA-67pf-62xr-q35m", "reference_id": "GHSA-67pf-62xr-q35m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-67pf-62xr-q35m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148483?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "CVE-2022-41893", "GHSA-67pf-62xr-q35m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eseh-ekjx-yffk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44731?format=api", "vulnerability_id": "VCID-ev9c-cxzc-p7hb", "summary": "Integer Overflow or Wraparound\nTensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 is vulnerable to integer overflow in EditDistance. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25662", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35524", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35456", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35551", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35562", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25662" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/08b8e18643d6dcde00890733b270ff8d9960c56c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:37:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/08b8e18643d6dcde00890733b270ff8d9960c56c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25662", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25662" }, { "reference_url": "https://github.com/advisories/GHSA-7jvm-xxmr-v5cw", "reference_id": "GHSA-7jvm-xxmr-v5cw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7jvm-xxmr-v5cw" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7jvm-xxmr-v5cw", "reference_id": "GHSA-7jvm-xxmr-v5cw", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:37:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7jvm-xxmr-v5cw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64390?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.11.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/643972?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0" } ], "aliases": [ "CVE-2023-25662", "GHSA-7jvm-xxmr-v5cw" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ev9c-cxzc-p7hb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102247?format=api", "vulnerability_id": "VCID-f85h-49x9-7qdw", "summary": "TensorFlow is an open source platform for machine learning. If `QuantizeAndDequantizeV3` is given a nonscalar `num_bits` input tensor, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit f3f9cb38ecfe5a8a703f2c4a8fead434ef291713. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36026", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33007", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33087", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33125", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33111", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36026" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/f3f9cb38ecfe5a8a703f2c4a8fead434ef291713", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:43Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/f3f9cb38ecfe5a8a703f2c4a8fead434ef291713" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9cr2-8pwr-fhfq", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:43Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9cr2-8pwr-fhfq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36026", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36026" }, { "reference_url": "https://github.com/advisories/GHSA-9cr2-8pwr-fhfq", "reference_id": "GHSA-9cr2-8pwr-fhfq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9cr2-8pwr-fhfq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-36026", "GHSA-9cr2-8pwr-fhfq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f85h-49x9-7qdw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102219?format=api", "vulnerability_id": "VCID-g5du-95mm-uqdv", "summary": "TensorFlow is an open source platform for machine learning. `DenseBincount` assumes its input tensor `weights` to either have the same shape as its input tensor `input` or to be length-0. A different `weights` shape will trigger a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bf4c14353c2328636a18bfad1e151052c81d5f43. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35987", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35987" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/bf4c14353c2328636a18bfad1e151052c81d5f43", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:57Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/bf4c14353c2328636a18bfad1e151052c81d5f43" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-w62h-8xjm-fv49", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:57Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-w62h-8xjm-fv49" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35987", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35987" }, { "reference_url": "https://github.com/advisories/GHSA-w62h-8xjm-fv49", "reference_id": "GHSA-w62h-8xjm-fv49", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w62h-8xjm-fv49" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35987", "GHSA-w62h-8xjm-fv49" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g5du-95mm-uqdv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102251?format=api", "vulnerability_id": "VCID-ghqz-dfeq-rygz", "summary": "TensorFlow is an open source platform for machine learning. If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. We have patched the issue in GitHub commit 2b56169c16e375c521a3bc8ea658811cc0793784. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41884", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32381", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32421", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32452", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35169", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41884" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/2b56169c16e375c521a3bc8ea658811cc0793784", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/2b56169c16e375c521a3bc8ea658811cc0793784" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jq6x-99hj-q636", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jq6x-99hj-q636" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41884", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41884" }, { "reference_url": "https://github.com/advisories/GHSA-jq6x-99hj-q636", "reference_id": "GHSA-jq6x-99hj-q636", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jq6x-99hj-q636" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148483?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "CVE-2022-41884", "GHSA-jq6x-99hj-q636" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ghqz-dfeq-rygz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102221?format=api", "vulnerability_id": "VCID-gt24-f126-akej", "summary": "TensorFlow is an open source platform for machine learning. When `MaxPool` receives a window size input array `ksize` with dimensions greater than its input tensor `input`, the GPU kernel gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 32d7bd3defd134f21a4e344c8dfd40099aaf6b18. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35989", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35989" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/32d7bd3defd134f21a4e344c8dfd40099aaf6b18", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:09Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/32d7bd3defd134f21a4e344c8dfd40099aaf6b18" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j43h-pgmg-5hjq", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:09Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j43h-pgmg-5hjq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35989", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35989" }, { "reference_url": "https://github.com/advisories/GHSA-j43h-pgmg-5hjq", "reference_id": "GHSA-j43h-pgmg-5hjq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j43h-pgmg-5hjq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35989", "GHSA-j43h-pgmg-5hjq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gt24-f126-akej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102222?format=api", "vulnerability_id": "VCID-gv1k-p9qb-qug3", "summary": "TensorFlow is an open source platform for machine learning. When `tf.quantization.fake_quant_with_min_max_vars_per_channel_gradient` receives input `min` or `max` of rank other than 1, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit f3cf67ac5705f4f04721d15e485e192bb319feed. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35990", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33007", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33087", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33125", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33111", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35990" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/f3cf67ac5705f4f04721d15e485e192bb319feed", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:52Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/f3cf67ac5705f4f04721d15e485e192bb319feed" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h7ff-cfc9-wmmh", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:52Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h7ff-cfc9-wmmh" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35990", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35990" }, { "reference_url": "https://github.com/advisories/GHSA-h7ff-cfc9-wmmh", "reference_id": "GHSA-h7ff-cfc9-wmmh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h7ff-cfc9-wmmh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35990", "GHSA-h7ff-cfc9-wmmh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gv1k-p9qb-qug3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44741?format=api", "vulnerability_id": "VCID-h18h-987d-q7he", "summary": "Incorrect Comparison\nTensorFlow is an end-to-end open source platform for machine learning. Constructing a tflite model with a paramater `filter_input_channel` of less than 1 gives a FPE. This issue has been patched in version 2.12. TensorFlow will also cherrypick the fix commit on TensorFlow 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-27579", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.4287", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42857", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42881", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-27579" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/34f8368c535253f5c9cb3a303297743b62442aaa", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:44:58Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/34f8368c535253f5c9cb3a303297743b62442aaa" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27579", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27579" }, { "reference_url": "https://github.com/advisories/GHSA-5w96-866f-6rm8", "reference_id": "GHSA-5w96-866f-6rm8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5w96-866f-6rm8" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5w96-866f-6rm8", "reference_id": "GHSA-5w96-866f-6rm8", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:44:58Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5w96-866f-6rm8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64390?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.11.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/643972?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0" } ], "aliases": [ "CVE-2023-27579", "GHSA-5w96-866f-6rm8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h18h-987d-q7he" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102227?format=api", "vulnerability_id": "VCID-h9va-2q1u-nfeq", "summary": "TensorFlow is an open source platform for machine learning. When `AudioSummaryV2` receives an input `sample_rate` with more than one element, it gives a `CHECK` fails that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bf6b45244992e2ee543c258e519489659c99fb7f. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35995", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35995" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/bf6b45244992e2ee543c258e519489659c99fb7f", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/bf6b45244992e2ee543c258e519489659c99fb7f" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9h5-vr8m-x2h4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9h5-vr8m-x2h4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35995", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35995" }, { "reference_url": "https://github.com/advisories/GHSA-g9h5-vr8m-x2h4", "reference_id": "GHSA-g9h5-vr8m-x2h4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g9h5-vr8m-x2h4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35995", "GHSA-g9h5-vr8m-x2h4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h9va-2q1u-nfeq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36015?format=api", "vulnerability_id": "VCID-hcud-kg7b-zyhx", "summary": "Tensorflow is an Open Source Machine Learning Framework. The `simplifyBroadcast` function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault (hence, denial of service), if called with scalar shapes. If all shapes are scalar, then `maxRank` is 0, so we build an empty `SmallVector`. The fix will be included in TensorFlow 2.8.0. This is the only affected version.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23593", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00309", "scoring_system": "epss", "scoring_elements": "0.54407", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00309", "scoring_system": "epss", "scoring_elements": "0.54417", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00309", "scoring_system": "epss", "scoring_elements": "0.54408", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00309", "scoring_system": "epss", "scoring_elements": "0.54351", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23593" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-102.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-102.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-157.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-157.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/compiler/mlir/tfrt/jit/transforms/tf_cpurt_symbolic_shape_optimization.cc#L149-L205", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/compiler/mlir/tfrt/jit/transforms/tf_cpurt_symbolic_shape_optimization.cc#L149-L205" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/35f0fabb4c178253a964d7aabdbb15c6a398b69a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/35f0fabb4c178253a964d7aabdbb15c6a398b69a" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gwcx-jrx4-92w2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gwcx-jrx4-92w2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23593", "reference_id": "CVE-2022-23593", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23593" }, { "reference_url": "https://github.com/advisories/GHSA-gwcx-jrx4-92w2", "reference_id": "GHSA-gwcx-jrx4-92w2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gwcx-jrx4-92w2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26606?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-rth4-8c4m-f3gd" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.0" } ], "aliases": [ "BIT-tensorflow-2022-23593", "CVE-2022-23593", "GHSA-gwcx-jrx4-92w2", "PYSEC-2022-102", "PYSEC-2022-157" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hcud-kg7b-zyhx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102180?format=api", "vulnerability_id": "VCID-hk5u-5r79-67ee", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SparseTensorDenseAdd` does not fully validate the input arguments. In this case, a reference gets bound to a `nullptr` during kernel execution. This is undefined behavior. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29206", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23109", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.2313", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23175", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.2319", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29206" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/sparse_tensor_dense_add_op.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:57Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/sparse_tensor_dense_add_op.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/11ced8467eccad9c7cb94867708be8fa5c66c730", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:57Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/11ced8467eccad9c7cb94867708be8fa5c66c730" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:57Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:57Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:57Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:57Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rc9w-5c64-9vqq", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:57Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rc9w-5c64-9vqq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29206", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29206" }, { "reference_url": "https://github.com/advisories/GHSA-rc9w-5c64-9vqq", "reference_id": "GHSA-rc9w-5c64-9vqq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rc9w-5c64-9vqq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "CVE-2022-29206", "GHSA-rc9w-5c64-9vqq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hk5u-5r79-67ee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102272?format=api", "vulnerability_id": "VCID-hm4p-s6xd-8uf5", "summary": "TensorFlow is an open source platform for machine learning. An input `token` that is not a UTF-8 bytestring will trigger a `CHECK` fail in `tf.raw_ops.PyFunc`. We have patched the issue in GitHub commit 9f03a9d3bafe902c1e6beb105b2f24172f238645. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41908", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.49113", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54738", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54806", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54796", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41908" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/lib/core/py_func.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/lib/core/py_func.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/9f03a9d3bafe902c1e6beb105b2f24172f238645", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/9f03a9d3bafe902c1e6beb105b2f24172f238645" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv77-9g28-cwg3", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv77-9g28-cwg3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41908", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41908" }, { "reference_url": "https://github.com/advisories/GHSA-mv77-9g28-cwg3", "reference_id": "GHSA-mv77-9g28-cwg3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mv77-9g28-cwg3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148483?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "CVE-2022-41908", "GHSA-mv77-9g28-cwg3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hm4p-s6xd-8uf5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44750?format=api", "vulnerability_id": "VCID-j7jy-3r33-x7fy", "summary": "NULL Pointer Dereference\nTensorFlow is an open source machine learning platform. Versions prior to 2.12.0 and 2.11.1 have a null pointer error in RandomShuffle with XLA enabled. A fix is included in TensorFlow 2.12.0 and 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25674", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60443", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60404", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60451", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60454", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25674" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/728113a3be690facad6ce436660a0bc1858017fa", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:16:05Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/728113a3be690facad6ce436660a0bc1858017fa" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25674", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25674" }, { "reference_url": "https://github.com/advisories/GHSA-gf97-q72m-7579", "reference_id": "GHSA-gf97-q72m-7579", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gf97-q72m-7579" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf97-q72m-7579", "reference_id": "GHSA-gf97-q72m-7579", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:16:05Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf97-q72m-7579" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64390?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.11.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/643972?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0" } ], "aliases": [ "CVE-2023-25674", "GHSA-gf97-q72m-7579" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j7jy-3r33-x7fy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102196?format=api", "vulnerability_id": "VCID-juat-vtcr-xbg3", "summary": "TensorFlow is an open source platform for machine learning. The `AvgPoolOp` function takes an argument `ksize` that must be positive but is not checked. A negative `ksize` can trigger a `CHECK` failure and crash the program. We have patched the issue in GitHub commit 3a6ac52664c6c095aa2b114e742b0aa17fdce78f. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds to this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35941", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.4076", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40813", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40843", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40838", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35941" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/avgpooling_op.cc#L56-L98", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/avgpooling_op.cc#L56-L98" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/3a6ac52664c6c095aa2b114e742b0aa17fdce78f", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/3a6ac52664c6c095aa2b114e742b0aa17fdce78f" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mgmh-g2v6-mqw5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mgmh-g2v6-mqw5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35941", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35941" }, { "reference_url": "https://github.com/advisories/GHSA-mgmh-g2v6-mqw5", "reference_id": "GHSA-mgmh-g2v6-mqw5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mgmh-g2v6-mqw5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145649?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.2" } ], "aliases": [ "CVE-2022-35941", "GHSA-mgmh-g2v6-mqw5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-juat-vtcr-xbg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102169?format=api", "vulnerability_id": "VCID-k2ms-13kz-4bgg", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.Conv3DBackpropFilterV2` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code does not validate that the `filter_sizes` argument is a vector. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29196", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17638", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.1768", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17712", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17717", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29196" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/conv_grad_ops_3d.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:23Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/conv_grad_ops_3d.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/174c5096f303d5be7ed2ca2662b08371bff4ab88", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:23Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/174c5096f303d5be7ed2ca2662b08371bff4ab88" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:23Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:23Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:23Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:23Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5v77-j66x-4c4g", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:23Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5v77-j66x-4c4g" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29196", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29196" }, { "reference_url": "https://github.com/advisories/GHSA-5v77-j66x-4c4g", "reference_id": "GHSA-5v77-j66x-4c4g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5v77-j66x-4c4g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "CVE-2022-29196", "GHSA-5v77-j66x-4c4g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k2ms-13kz-4bgg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102189?format=api", "vulnerability_id": "VCID-k3am-7v2s-xqb9", "summary": "TensorFlow is an open source platform for machine learning. The implementation of tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by overflowing the number of elements in a tensor. This issue has been patched in GitHub commit 61f0f9b94df8c0411f0ad0ecc2fec2d3f3c33555. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35934", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12644", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12691", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12731", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12727", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35934" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/61f0f9b94df8c0411f0ad0ecc2fec2d3f3c33555", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:20Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/61f0f9b94df8c0411f0ad0ecc2fec2d3f3c33555" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f4w6-h4f5-wx45", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:20Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f4w6-h4f5-wx45" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35934", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35934" }, { "reference_url": "https://github.com/advisories/GHSA-f4w6-h4f5-wx45", "reference_id": "GHSA-f4w6-h4f5-wx45", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f4w6-h4f5-wx45" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35934", "GHSA-f4w6-h4f5-wx45" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k3am-7v2s-xqb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102204?format=api", "vulnerability_id": "VCID-kafn-vb69-tub3", "summary": "TensorFlow is an open source platform for machine learning. If `QuantizedAdd` is given `min_input` or `max_input` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 49b3824d83af706df0ad07e4e677d88659756d89. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35967", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35967" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/49b3824d83af706df0ad07e4e677d88659756d89", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:44Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/49b3824d83af706df0ad07e4e677d88659756d89" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v6h3-348g-6h5x", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:44Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v6h3-348g-6h5x" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35967", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35967" }, { "reference_url": "https://github.com/advisories/GHSA-v6h3-348g-6h5x", "reference_id": "GHSA-v6h3-348g-6h5x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v6h3-348g-6h5x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35967", "GHSA-v6h3-348g-6h5x" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kafn-vb69-tub3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102236?format=api", "vulnerability_id": "VCID-kb5d-pyxb-4fe9", "summary": "TensorFlow is an open source platform for machine learning. When `tf.random.gamma` receives large input shape and rates, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 552bfced6ce4809db5f3ca305f60ff80dd40c5a3. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36004", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.32983", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33062", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.331", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33087", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36004" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/552bfced6ce4809db5f3ca305f60ff80dd40c5a3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/552bfced6ce4809db5f3ca305f60ff80dd40c5a3" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv8m-8x97-937q", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv8m-8x97-937q" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36004", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36004" }, { "reference_url": "https://github.com/advisories/GHSA-mv8m-8x97-937q", "reference_id": "GHSA-mv8m-8x97-937q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mv8m-8x97-937q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-36004", "GHSA-mv8m-8x97-937q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kb5d-pyxb-4fe9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102168?format=api", "vulnerability_id": "VCID-kkbz-sb6d-nkb9", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.StagePeek` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `index` is a scalar but there is no validation for this before accessing its value. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29195", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17573", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17613", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17646", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17652", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29195" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/stage_op.cc#L26", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:10Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/stage_op.cc#L26" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/cebe3c45d76357d201c65bdbbf0dbe6e8a63bbdb", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:10Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/cebe3c45d76357d201c65bdbbf0dbe6e8a63bbdb" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:10Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:10Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:10Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:10Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h48f-q7rw-hvr7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:10Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h48f-q7rw-hvr7" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29195", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29195" }, { "reference_url": "https://github.com/advisories/GHSA-h48f-q7rw-hvr7", "reference_id": "GHSA-h48f-q7rw-hvr7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h48f-q7rw-hvr7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "CVE-2022-29195", "GHSA-h48f-q7rw-hvr7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kkbz-sb6d-nkb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/110102?format=api", "vulnerability_id": "VCID-kzhb-zzzm-ebe1", "summary": "`CHECK` fail in `TensorListScatter` and `TensorListScatterV2` in eager mode\n### Impact\nAnother instance of CVE-2022-35991, where `TensorListScatter` and `TensorListScatterV2` crash via non scalar inputs in`element_shape`, was found in eager mode and fixed.\n```python\nimport tensorflow as tf\narg_0=tf.random.uniform(shape=(2, 2, 2), dtype=tf.float16, maxval=None)\narg_1=tf.random.uniform(shape=(2, 2, 2), dtype=tf.int32, maxval=65536)\narg_2=tf.random.uniform(shape=(2, 2, 2), dtype=tf.int32, maxval=65536)\narg_3=''\ntf.raw_ops.TensorListScatter(tensor=arg_0, indices=arg_1, \nelement_shape=arg_2, name=arg_3)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [bf9932fc907aff0e9e8cccf769e8b00d30fd81a1](https://github.com/tensorflow/tensorflow/commit/bf9932fc907aff0e9e8cccf769e8b00d30fd81a1).\n\nThe fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Pattarakrit Rattankul", "references": [ { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xf83-q765-xm6m", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xf83-q765-xm6m" }, { "reference_url": "https://github.com/advisories/GHSA-xf83-q765-xm6m", "reference_id": "GHSA-xf83-q765-xm6m", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xf83-q765-xm6m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148483?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "GHSA-xf83-q765-xm6m", "GMS-2022-7001", "GMS-2022-7009", "GMS-2022-7017" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kzhb-zzzm-ebe1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44749?format=api", "vulnerability_id": "VCID-mj52-z2qy-4bd8", "summary": "NULL Pointer Dereference\nTensorFlow is an open source platform for machine learning. The function `tf.raw_ops.LookupTableImportV2` cannot handle scalars in the `values` parameter and gives an NPE. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25672", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28107", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28126", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28197", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28147", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25672" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/980b22536abcbbe1b4a5642fc940af33d8c19b69", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:14:12Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/980b22536abcbbe1b4a5642fc940af33d8c19b69" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25672", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25672" }, { "reference_url": "https://github.com/advisories/GHSA-94mm-g2mv-8p7r", "reference_id": "GHSA-94mm-g2mv-8p7r", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-94mm-g2mv-8p7r" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-94mm-g2mv-8p7r", "reference_id": "GHSA-94mm-g2mv-8p7r", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:14:12Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-94mm-g2mv-8p7r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64390?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.11.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/643972?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0" } ], "aliases": [ "CVE-2023-25672", "GHSA-94mm-g2mv-8p7r" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mj52-z2qy-4bd8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102165?format=api", "vulnerability_id": "VCID-mpr8-1wz2-kfgv", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.QuantizeAndDequantizeV4Grad` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29192", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34139", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34219", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34254", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34238", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29192" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/quantize_and_dequantize_op.cc#L148-L226", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/quantize_and_dequantize_op.cc#L148-L226" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/098e7762d909bac47ce1dbabe6dfd06294cb9d58", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/098e7762d909bac47ce1dbabe6dfd06294cb9d58" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h2wq-prv9-2f56", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h2wq-prv9-2f56" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29192", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29192" }, { "reference_url": "https://github.com/advisories/GHSA-h2wq-prv9-2f56", "reference_id": "GHSA-h2wq-prv9-2f56", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h2wq-prv9-2f56" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "CVE-2022-29192", "GHSA-h2wq-prv9-2f56" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mpr8-1wz2-kfgv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102197?format=api", "vulnerability_id": "VCID-mtkv-vxpu-m3fu", "summary": "TensorFlow is an open source platform for machine learning. The `UnbatchGradOp` function takes an argument `id` that is assumed to be a scalar. A nonscalar `id` can trigger a `CHECK` failure and crash the program. It also requires its argument `batch_index` to contain three times the number of elements as indicated in its `batch_index.dim_size(0)`. An incorrect `batch_index` can trigger a `CHECK` failure and crash the program. We have patched the issue in GitHub commit 5f945fc6409a3c1e90d6970c9292f805f6e6ddf2. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35952", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44509", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44564", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44586", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44578", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35952" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/769eddaf479c8debead9a59a72617d6ed6f0fe10/tensorflow/core/kernels/batch_kernels.cc#L891", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:01Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/769eddaf479c8debead9a59a72617d6ed6f0fe10/tensorflow/core/kernels/batch_kernels.cc#L891" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/5f945fc6409a3c1e90d6970c9292f805f6e6ddf2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:01Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/5f945fc6409a3c1e90d6970c9292f805f6e6ddf2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h5vq-gw2c-pq47", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:01Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h5vq-gw2c-pq47" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35952", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35952" }, { "reference_url": "https://github.com/advisories/GHSA-h5vq-gw2c-pq47", "reference_id": "GHSA-h5vq-gw2c-pq47", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h5vq-gw2c-pq47" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35952", "GHSA-h5vq-gw2c-pq47" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mtkv-vxpu-m3fu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102205?format=api", "vulnerability_id": "VCID-njmm-n794-tqcr", "summary": "TensorFlow is an open source platform for machine learning. The implementation of `AvgPoolGrad` does not fully validate the input `orig_input_shape`. This results in a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 3a6ac52664c6c095aa2b114e742b0aa17fdce78f. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35968", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21615", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21635", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.2168", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21693", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35968" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/3a6ac52664c6c095aa2b114e742b0aa17fdce78f", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/3a6ac52664c6c095aa2b114e742b0aa17fdce78f" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2475-53vw-vp25", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2475-53vw-vp25" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35968", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35968" }, { "reference_url": "https://github.com/advisories/GHSA-2475-53vw-vp25", "reference_id": "GHSA-2475-53vw-vp25", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2475-53vw-vp25" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35968", "GHSA-2475-53vw-vp25" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-njmm-n794-tqcr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102188?format=api", "vulnerability_id": "VCID-nkyd-wte8-zbc8", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow's `saved_model_cli` tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had several test cases where numpy expressions were used as arguments. However, given that the tool is always run manually, the impact of this is still not severe. The maintainers have now removed the `safe=False` argument, so all parsing is done without calling `eval`. The patch is available in versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29216", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27334", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27403", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31145", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31181", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29216" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/tools/saved_model_cli.py#L566-L574", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:43:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/tools/saved_model_cli.py#L566-L574" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:43:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/c5da7af048611aa29e9382371f0aed5018516cac", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:43:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/c5da7af048611aa29e9382371f0aed5018516cac" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:43:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:43:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:43:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:43:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-75c9-jrh4-79mc", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:43:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-75c9-jrh4-79mc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29216", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29216" }, { "reference_url": "https://github.com/advisories/GHSA-75c9-jrh4-79mc", "reference_id": "GHSA-75c9-jrh4-79mc", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-75c9-jrh4-79mc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "CVE-2022-29216", "GHSA-75c9-jrh4-79mc" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nkyd-wte8-zbc8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102273?format=api", "vulnerability_id": "VCID-nn1z-3z62-5fby", "summary": "TensorFlow is an open source platform for machine learning. An input `encoded` that is not a valid `CompositeTensorVariant` tensor will trigger a segfault in `tf.raw_ops.CompositeTensorVariantToComponents`. We have patched the issue in GitHub commits bf594d08d377dc6a3354d9fdb494b32d45f91971 and 660ce5a89eb6766834bdc303d2ab3902aef99d3d. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41909", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60705", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00484", "scoring_system": "epss", "scoring_elements": "0.65613", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00484", "scoring_system": "epss", "scoring_elements": "0.65677", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00484", "scoring_system": "epss", "scoring_elements": "0.65666", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41909" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/lib/core/py_func.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/lib/core/py_func.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/660ce5a89eb6766834bdc303d2ab3902aef99d3d", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/660ce5a89eb6766834bdc303d2ab3902aef99d3d" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/bf594d08d377dc6a3354d9fdb494b32d45f91971", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/bf594d08d377dc6a3354d9fdb494b32d45f91971" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rjx6-v474-2ch9", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rjx6-v474-2ch9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41909", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41909" }, { "reference_url": "https://github.com/advisories/GHSA-rjx6-v474-2ch9", "reference_id": "GHSA-rjx6-v474-2ch9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rjx6-v474-2ch9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148483?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "CVE-2022-41909", "GHSA-rjx6-v474-2ch9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nn1z-3z62-5fby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102216?format=api", "vulnerability_id": "VCID-nttr-e3uq-tbew", "summary": "TensorFlow is an open source platform for machine learning. `ParameterizedTruncatedNormal` assumes `shape` is of type `int32`. A valid `shape` of type `int64` results in a mismatched type `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 72180be03447a10810edca700cbc9af690dfeb51. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35984", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35984" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/72180be03447a10810edca700cbc9af690dfeb51", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:03Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/72180be03447a10810edca700cbc9af690dfeb51" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p2xf-8hgm-hpw5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:03Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p2xf-8hgm-hpw5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35984", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35984" }, { "reference_url": "https://github.com/advisories/GHSA-p2xf-8hgm-hpw5", "reference_id": "GHSA-p2xf-8hgm-hpw5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p2xf-8hgm-hpw5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35984", "GHSA-p2xf-8hgm-hpw5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nttr-e3uq-tbew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102246?format=api", "vulnerability_id": "VCID-ppev-q19c-jfcd", "summary": "TensorFlow is an open source platform for machine learning. If `FakeQuantWithMinMaxVarsPerChannel` is given `min` or `max` tensors of a rank other than one, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36019", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33007", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33087", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33125", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33111", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36019" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:49Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9j4v-pp28-mxv7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:49Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9j4v-pp28-mxv7" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36019", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36019" }, { "reference_url": "https://github.com/advisories/GHSA-9j4v-pp28-mxv7", "reference_id": "GHSA-9j4v-pp28-mxv7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9j4v-pp28-mxv7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-36019", "GHSA-9j4v-pp28-mxv7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ppev-q19c-jfcd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102252?format=api", "vulnerability_id": "VCID-pw2j-ex1f-wkgd", "summary": "TensorFlow is an open source platform for machine learning. When `tf.raw_ops.FusedResizeAndPadConv2D` is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41885", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37623", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37809", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37807", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37715", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41885" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/conv_ops_fused_image_transform.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:36Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/conv_ops_fused_image_transform.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/d66e1d568275e6a2947de97dca7a102a211e01ce", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:36Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/d66e1d568275e6a2947de97dca7a102a211e01ce" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-762h-vpvw-3rcx", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:36Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-762h-vpvw-3rcx" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41885", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41885" }, { "reference_url": "https://github.com/advisories/GHSA-762h-vpvw-3rcx", "reference_id": "GHSA-762h-vpvw-3rcx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-762h-vpvw-3rcx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148473?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-41885", "GHSA-762h-vpvw-3rcx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pw2j-ex1f-wkgd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44748?format=api", "vulnerability_id": "VCID-q2hk-yjnj-jbfb", "summary": "NULL Pointer Dereference\nTensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.ParallelConcat` segfaults with a nullptr dereference when given a parameter `shape` with rank that is not greater than zero. A fix is available in TensorFlow 2.12.0 and 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25676", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47275", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47226", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47291", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47293", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25676" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/da66bc6d5ff466aee084f9e7397980a24890cd15", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:43:05Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/da66bc6d5ff466aee084f9e7397980a24890cd15" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25676", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25676" }, { "reference_url": "https://github.com/advisories/GHSA-6wfh-89q8-44jq", "reference_id": "GHSA-6wfh-89q8-44jq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6wfh-89q8-44jq" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6wfh-89q8-44jq", "reference_id": "GHSA-6wfh-89q8-44jq", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:43:05Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6wfh-89q8-44jq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64390?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.11.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/643972?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0" } ], "aliases": [ "CVE-2023-25676", "GHSA-6wfh-89q8-44jq" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q2hk-yjnj-jbfb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102208?format=api", "vulnerability_id": "VCID-q8m1-bjce-67bd", "summary": "TensorFlow is an open source platform for machine learning. If `FakeQuantWithMinMaxVars` is given `min` or `max` tensors of a nonzero rank, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35971", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35971" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:30Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9fpg-838v-wpv7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:30Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9fpg-838v-wpv7" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35971", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35971" }, { "reference_url": "https://github.com/advisories/GHSA-9fpg-838v-wpv7", "reference_id": "GHSA-9fpg-838v-wpv7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9fpg-838v-wpv7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35971", "GHSA-9fpg-838v-wpv7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q8m1-bjce-67bd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44737?format=api", "vulnerability_id": "VCID-qh3y-aeak-u3hg", "summary": "Out-of-bounds Read\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the parameter `indices` for `DynamicStitch` does not match the shape of the parameter `data`, it can trigger an stack OOB read. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25659", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42537", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.4248", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42554", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42564", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25659" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/ee004b18b976eeb5a758020af8880236cd707d05", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:34:25Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/ee004b18b976eeb5a758020af8880236cd707d05" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25659", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25659" }, { "reference_url": "https://github.com/advisories/GHSA-93vr-9q9m-pj8p", "reference_id": "GHSA-93vr-9q9m-pj8p", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-93vr-9q9m-pj8p" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-93vr-9q9m-pj8p", "reference_id": "GHSA-93vr-9q9m-pj8p", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:34:25Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-93vr-9q9m-pj8p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64390?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.11.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/643972?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0" } ], "aliases": [ "CVE-2023-25659", "GHSA-93vr-9q9m-pj8p" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qh3y-aeak-u3hg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102170?format=api", "vulnerability_id": "VCID-qhtm-u49u-zyeg", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.UnsortedSegmentJoin` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `num_segments` is a scalar but there is no validation for this before accessing its value. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29197", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17638", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.1768", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17712", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17717", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29197" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/unsorted_segment_join_op.cc#L92-L95", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:19Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/unsorted_segment_join_op.cc#L92-L95" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/13d38a07ce9143e044aa737cfd7bb759d0e9b400", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:19Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/13d38a07ce9143e044aa737cfd7bb759d0e9b400" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:19Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:19Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:19Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:19Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hrg5-737c-2p56", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:19Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hrg5-737c-2p56" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29197", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29197" }, { "reference_url": "https://github.com/advisories/GHSA-hrg5-737c-2p56", "reference_id": "GHSA-hrg5-737c-2p56", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hrg5-737c-2p56" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "CVE-2022-29197", "GHSA-hrg5-737c-2p56" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qhtm-u49u-zyeg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111033?format=api", "vulnerability_id": "VCID-qp8b-wyj4-h7e4", "summary": "`CHECK` failure in depthwise ops via overflows\n### Impact\nThe implementation of depthwise ops in TensorFlow is vulnerable to a denial of service via `CHECK`-failure (assertion failure) caused by overflowing the number of elements in a tensor:\n\n```python\nimport tensorflow as tf\n\ninput = tf.constant(1, shape=[1, 4, 4, 3], dtype=tf.float32)\nfilter_sizes = tf.constant(1879048192, shape=[13], dtype=tf.int32)\nout_backprop = tf.constant(1, shape=[1, 4, 4, 3], dtype=tf.float32)\ntf.raw_ops.DepthwiseConv2dNativeBackpropFilter(\n input=input, filter_sizes=filter_sizes, out_backprop=out_backprop, strides=[1, 1, 1, 1], padding=\"SAME\")\n```\n \nThis is another instance of [TFSA-2021-198](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md) (CVE-2021-41197).\n \n### Patches\nWe have patched the issue in GitHub commit [3796cc4fcd93ae55812a457abc96dcd55fbb854b](https://github.com/tensorflow/tensorflow/commit/3796cc4fcd93ae55812a457abc96dcd55fbb854b).\n\nThe fix will be included in TensorFlow 2.9.0. We will also cherrypick this commit on TensorFlow 2.8.1, TensorFlow 2.7.2, and TensorFlow 2.6.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by Neophytos Christou from Secure Systems Lab at Brown University.", "references": [ { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/3796cc4fcd93ae55812a457abc96dcd55fbb854b", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/3796cc4fcd93ae55812a457abc96dcd55fbb854b" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mw6j-hh29-h379", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mw6j-hh29-h379" }, { "reference_url": "https://github.com/advisories/GHSA-mw6j-hh29-h379", "reference_id": "GHSA-mw6j-hh29-h379", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mw6j-hh29-h379" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "GHSA-mw6j-hh29-h379", "GMS-2022-1528", "GMS-2022-1532", "GMS-2022-1536" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qp8b-wyj4-h7e4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102164?format=api", "vulnerability_id": "VCID-r11x-hcqs-cfgb", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.GetSessionTensor` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29191", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34139", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34219", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34254", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34238", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29191" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/session_ops.cc#L94-L112", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:43Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/session_ops.cc#L94-L112" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/48305e8ffe5246d67570b64096a96f8e315a7281", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:43Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/48305e8ffe5246d67570b64096a96f8e315a7281" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:43Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:43Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:43Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:43Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fv25-wrff-wf86", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:43Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fv25-wrff-wf86" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29191", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29191" }, { "reference_url": "https://github.com/advisories/GHSA-fv25-wrff-wf86", "reference_id": "GHSA-fv25-wrff-wf86", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fv25-wrff-wf86" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "CVE-2022-29191", "GHSA-fv25-wrff-wf86" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r11x-hcqs-cfgb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102177?format=api", "vulnerability_id": "VCID-r14r-z3cv-1qa6", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.UnsortedSegmentJoin` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `num_segments` is a positive scalar but there is no validation. Since this value is used to allocate the output tensor, a negative value would result in a `CHECK`-failure (assertion failure), as per TFSA-2021-198. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29204", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19566", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19595", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19637", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19643", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29204" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/unsorted_segment_join_op.cc#L83-L14", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/unsorted_segment_join_op.cc#L83-L14" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/20cb18724b0bf6c09071a3f53434c4eec53cc147", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/20cb18724b0bf6c09071a3f53434c4eec53cc147" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/84563f265f28b3c36a15335c8b005d405260e943", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/84563f265f28b3c36a15335c8b005d405260e943" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hx9q-2mx4-m4pg", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hx9q-2mx4-m4pg" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29204", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29204" }, { "reference_url": "https://github.com/advisories/GHSA-hx9q-2mx4-m4pg", "reference_id": "GHSA-hx9q-2mx4-m4pg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hx9q-2mx4-m4pg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "CVE-2022-29204", "GHSA-hx9q-2mx4-m4pg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r14r-z3cv-1qa6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102182?format=api", "vulnerability_id": "VCID-r3y2-x3nx-67ac", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.EditDistance` has incomplete validation. Users can pass negative values to cause a segmentation fault based denial of service. In multiple places throughout the code, one may compute an index for a write operation. However, the existing validation only checks against the upper bound of the array. Hence, it is possible to write before the array by massaging the input to generate negative values for `loc`. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29208", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33136", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33216", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33253", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33239", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29208" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/30721cf564cb029d34535446d6a5a6357bebc8e7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:49Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/30721cf564cb029d34535446d6a5a6357bebc8e7" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:49Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:49Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:49Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:49Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2r2f-g8mw-9gvr", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:49Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2r2f-g8mw-9gvr" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29208", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29208" }, { "reference_url": "https://github.com/advisories/GHSA-2r2f-g8mw-9gvr", "reference_id": "GHSA-2r2f-g8mw-9gvr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2r2f-g8mw-9gvr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "CVE-2022-29208", "GHSA-2r2f-g8mw-9gvr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r3y2-x3nx-67ac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102212?format=api", "vulnerability_id": "VCID-raep-npkq-b3fx", "summary": "TensorFlow is an open source platform for machine learning. If `QuantizedRelu` or `QuantizedRelu6` are given nonscalar inputs for `min_features` or `max_features`, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 49b3824d83af706df0ad07e4e677d88659756d89. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35979", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35979" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/49b3824d83af706df0ad07e4e677d88659756d89", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:19Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/49b3824d83af706df0ad07e4e677d88659756d89" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v7vw-577f-vp8x", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:19Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v7vw-577f-vp8x" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35979", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35979" }, { "reference_url": "https://github.com/advisories/GHSA-v7vw-577f-vp8x", "reference_id": "GHSA-v7vw-577f-vp8x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v7vw-577f-vp8x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35979", "GHSA-v7vw-577f-vp8x" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-raep-npkq-b3fx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102275?format=api", "vulnerability_id": "VCID-rdtn-n88f-pqas", "summary": "TensorFlow is an open source platform for machine learning. When printing a tensor, we get it's data as a `const char*` array (since that's the underlying storage) and then we typecast it to the element type. However, conversions from `char` to `bool` are undefined if the `char` is not `0` or `1`, so sanitizers/fuzzers will crash. The issue has been patched in GitHub commit `1be74370327`. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.10.1, TensorFlow 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41911", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36427", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36492", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36529", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36521", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41911" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/807cae8a807960fd7ac2313cde73a11fc15e7942/tensorflow/core/framework/tensor.cc#L1200-L1227", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/807cae8a807960fd7ac2313cde73a11fc15e7942/tensorflow/core/framework/tensor.cc#L1200-L1227" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/1be743703279782a357adbf9b77dcb994fe8b508", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/1be743703279782a357adbf9b77dcb994fe8b508" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pf36-r9c6-h97j", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pf36-r9c6-h97j" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41911", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41911" }, { "reference_url": "https://github.com/advisories/GHSA-pf36-r9c6-h97j", "reference_id": "GHSA-pf36-r9c6-h97j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pf36-r9c6-h97j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148483?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "CVE-2022-41911", "GHSA-pf36-r9c6-h97j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rdtn-n88f-pqas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102256?format=api", "vulnerability_id": "VCID-rh99-4vre-gfde", "summary": "TensorFlow is an open source platform for machine learning. When running on GPU, `tf.image.generate_bounding_box_proposals` receives a `scores` input that must be of rank 4 but is not checked. We have patched the issue in GitHub commit cf35502463a88ca7185a99daa7031df60b3c1c98. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41888", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41399", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47464", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47531", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47528", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41888" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/generate_box_proposals_op.cu.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/generate_box_proposals_op.cu.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/cf35502463a88ca7185a99daa7031df60b3c1c98", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/cf35502463a88ca7185a99daa7031df60b3c1c98" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6x99-gv2v-q76v", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6x99-gv2v-q76v" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41888", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41888" }, { "reference_url": "https://github.com/advisories/GHSA-6x99-gv2v-q76v", "reference_id": "GHSA-6x99-gv2v-q76v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6x99-gv2v-q76v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148483?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "CVE-2022-41888", "GHSA-6x99-gv2v-q76v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rh99-4vre-gfde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102268?format=api", "vulnerability_id": "VCID-scvf-p5ff-c3df", "summary": "TensorFlow is an open source platform for machine learning. The security vulnerability results in FractionalMax(AVG)Pool with illegal pooling_ratio. Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or remote code execution. We have patched the issue in GitHub commit 216525144ee7c910296f5b05d214ca1327c9ce48. The fix will be included in TensorFlow 2.11.0. We will also cherry pick this commit on TensorFlow 2.10.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41900", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01207", "scoring_system": "epss", "scoring_elements": "0.79315", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01243", "scoring_system": "epss", "scoring_elements": "0.79613", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01243", "scoring_system": "epss", "scoring_elements": "0.79644", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01243", "scoring_system": "epss", "scoring_elements": "0.79639", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41900" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/216525144ee7c910296f5b05d214ca1327c9ce48", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/216525144ee7c910296f5b05d214ca1327c9ce48" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xvwp-h6jv-7472", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xvwp-h6jv-7472" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41900", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41900" }, { "reference_url": "https://github.com/advisories/GHSA-xvwp-h6jv-7472", "reference_id": "GHSA-xvwp-h6jv-7472", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xvwp-h6jv-7472" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148483?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "CVE-2022-41900", "GHSA-xvwp-h6jv-7472" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-scvf-p5ff-c3df" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102203?format=api", "vulnerability_id": "VCID-sevq-49gc-k3eh", "summary": "TensorFlow is an open source platform for machine learning. If `QuantizedAvgPool` is given `min_input` or `max_input` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 7cdf9d4d2083b739ec81cfdace546b0c99f50622. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35966", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35966" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/7cdf9d4d2083b739ec81cfdace546b0c99f50622", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:40Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/7cdf9d4d2083b739ec81cfdace546b0c99f50622" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4w68-4x85-mjj9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:40Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4w68-4x85-mjj9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35966", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35966" }, { "reference_url": "https://github.com/advisories/GHSA-4w68-4x85-mjj9", "reference_id": "GHSA-4w68-4x85-mjj9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4w68-4x85-mjj9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35966", "GHSA-4w68-4x85-mjj9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sevq-49gc-k3eh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102190?format=api", "vulnerability_id": "VCID-shq8-1n4y-vkc5", "summary": "TensorFlow is an open source platform for machine learning. The implementation of SobolSampleOp is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by assuming `input(0)`, `input(1)`, and `input(2)` to be scalar. This issue has been patched in GitHub commit c65c67f88ad770662e8f191269a907bf2b94b1bf. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35935", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26039", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26091", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26136", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26142", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35935" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/c65c67f88ad770662e8f191269a907bf2b94b1bf", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:14Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/c65c67f88ad770662e8f191269a907bf2b94b1bf" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-97p7-w86h-vcf9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:14Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-97p7-w86h-vcf9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35935", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35935" }, { "reference_url": "https://github.com/advisories/GHSA-97p7-w86h-vcf9", "reference_id": "GHSA-97p7-w86h-vcf9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-97p7-w86h-vcf9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35935", "GHSA-97p7-w86h-vcf9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-shq8-1n4y-vkc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102191?format=api", "vulnerability_id": "VCID-t2dj-e6dk-m7f2", "summary": "TensorFlow is an open source platform for machine learning. The `GatherNd` function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read is triggered. This issue has been patched in GitHub commit 595a65a3e224a0362d7e68c2213acfc2b499a196. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35937", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31427", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31431", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31498", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31464", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35937" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f463040eb3997e42e60a2ffc6dc72de7ef11dbb4/tensorflow/lite/kernels/gather_nd.cc#L105-L111", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:09Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f463040eb3997e42e60a2ffc6dc72de7ef11dbb4/tensorflow/lite/kernels/gather_nd.cc#L105-L111" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/595a65a3e224a0362d7e68c2213acfc2b499a196", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:09Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/595a65a3e224a0362d7e68c2213acfc2b499a196" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pxrw-j2fv-hx3h", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:09Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pxrw-j2fv-hx3h" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35937", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35937" }, { "reference_url": "https://github.com/advisories/GHSA-pxrw-j2fv-hx3h", "reference_id": "GHSA-pxrw-j2fv-hx3h", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pxrw-j2fv-hx3h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35937", "GHSA-pxrw-j2fv-hx3h" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t2dj-e6dk-m7f2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102259?format=api", "vulnerability_id": "VCID-tuqw-n8ka-jfht", "summary": "TensorFlow is an open source platform for machine learning. If `BCast::ToShape` is given input larger than an `int32`, it will crash, despite being supposed to handle up to an `int64`. An example can be seen in `tf.experimental.numpy.outer` by passing in large input to the input `b`. We have patched the issue in GitHub commit 8310bf8dd188ff780e7fc53245058215a05bdbe5. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41890", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34307", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34384", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.3442", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34404", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41890" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/util/bcast.h", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:20Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/util/bcast.h" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/8310bf8dd188ff780e7fc53245058215a05bdbe5", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:20Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/8310bf8dd188ff780e7fc53245058215a05bdbe5" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h246-cgh4-7475", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:20Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h246-cgh4-7475" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41890", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41890" }, { "reference_url": "https://github.com/advisories/GHSA-h246-cgh4-7475", "reference_id": "GHSA-h246-cgh4-7475", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h246-cgh4-7475" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148483?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "CVE-2022-41890", "GHSA-h246-cgh4-7475" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tuqw-n8ka-jfht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102181?format=api", "vulnerability_id": "VCID-udmn-j2p9-xuez", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid. In graph mode, it would have been impossible to perform these API calls, but migration to TF 2.x eager mode opened up this vulnerability. If the resource handle is empty, then a reference is bound to a null pointer inside TensorFlow codebase (various codepaths). This is undefined behavior. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29207", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17828", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17867", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17903", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17907", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29207" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/a5b89cd68c02329d793356bda85d079e9e69b4e7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/a5b89cd68c02329d793356bda85d079e9e69b4e7" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/dbdd98c37bc25249e8f288bd30d01e118a7b4498", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/dbdd98c37bc25249e8f288bd30d01e118a7b4498" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5wpj-c6f7-24x8", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5wpj-c6f7-24x8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29207", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29207" }, { "reference_url": "https://github.com/advisories/GHSA-5wpj-c6f7-24x8", "reference_id": "GHSA-5wpj-c6f7-24x8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5wpj-c6f7-24x8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "CVE-2022-29207", "GHSA-5wpj-c6f7-24x8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-udmn-j2p9-xuez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102207?format=api", "vulnerability_id": "VCID-uhxa-me3d-sbhj", "summary": "TensorFlow is an open source platform for machine learning. If `QuantizedInstanceNorm` is given `x_min` or `x_max` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35970", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35970" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g35r-369w-3fqp", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g35r-369w-3fqp" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35970", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35970" }, { "reference_url": "https://github.com/advisories/GHSA-g35r-369w-3fqp", "reference_id": "GHSA-g35r-369w-3fqp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g35r-369w-3fqp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35970", "GHSA-g35r-369w-3fqp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uhxa-me3d-sbhj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44732?format=api", "vulnerability_id": "VCID-upnq-6wx8-gug8", "summary": "Incorrect Comparison\nTensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a Floating Point Exception in TensorListSplit with XLA. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25673", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51616", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51571", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51631", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51637", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25673" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/728113a3be690facad6ce436660a0bc1858017fa", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:15:44Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/728113a3be690facad6ce436660a0bc1858017fa" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25673", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25673" }, { "reference_url": "https://github.com/advisories/GHSA-647v-r7qq-24fh", "reference_id": "GHSA-647v-r7qq-24fh", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-647v-r7qq-24fh" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-647v-r7qq-24fh", "reference_id": "GHSA-647v-r7qq-24fh", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:15:44Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-647v-r7qq-24fh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64390?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.11.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/643972?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0" } ], "aliases": [ "CVE-2023-25673", "GHSA-647v-r7qq-24fh" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-upnq-6wx8-gug8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102233?format=api", "vulnerability_id": "VCID-urkj-g83d-xkh8", "summary": "TensorFlow is an open source platform for machine learning. When `DrawBoundingBoxes` receives an input `boxes` that is not of dtype `float`, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit da0d65cdc1270038e72157ba35bf74b85d9bda11. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36001", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33007", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33087", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33125", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33111", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36001" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/da0d65cdc1270038e72157ba35bf74b85d9bda11", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:40Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/da0d65cdc1270038e72157ba35bf74b85d9bda11" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jqm7-m5q7-3hm5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:40Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jqm7-m5q7-3hm5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36001", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36001" }, { "reference_url": "https://github.com/advisories/GHSA-jqm7-m5q7-3hm5", "reference_id": "GHSA-jqm7-m5q7-3hm5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jqm7-m5q7-3hm5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-36001", "GHSA-jqm7-m5q7-3hm5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-urkj-g83d-xkh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102174?format=api", "vulnerability_id": "VCID-uucj-un2y-h7h8", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.QuantizedConv2D` does not fully validate the input arguments. In this case, references get bound to `nullptr` for each argument that is empty. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29201", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17573", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17613", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17646", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17652", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29201" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/quantized_conv_ops.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/quantized_conv_ops.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/0f0b080ecde4d3dfec158d6f60da34d5e31693c4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/0f0b080ecde4d3dfec158d6f60da34d5e31693c4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pqhm-4wvf-2jg8", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pqhm-4wvf-2jg8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29201", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29201" }, { "reference_url": "https://github.com/advisories/GHSA-pqhm-4wvf-2jg8", "reference_id": "GHSA-pqhm-4wvf-2jg8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pqhm-4wvf-2jg8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "CVE-2022-29201", "GHSA-pqhm-4wvf-2jg8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uucj-un2y-h7h8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44742?format=api", "vulnerability_id": "VCID-v68f-q5vf-wkf5", "summary": "Incorrect Comparison\nTensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.Bincount` segfaults when given a parameter `weights` that is neither the same shape as parameter `arr` nor a length-0 tensor. A fix is included in TensorFlow 2.12.0 and 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25675", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42857", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42796", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.4287", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42881", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25675" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/8ae76cf085f4be26295d2ecf2081e759e04b8acf", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:23:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/8ae76cf085f4be26295d2ecf2081e759e04b8acf" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25675", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25675" }, { "reference_url": "https://github.com/advisories/GHSA-7x4v-9gxg-9hwj", "reference_id": "GHSA-7x4v-9gxg-9hwj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7x4v-9gxg-9hwj" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7x4v-9gxg-9hwj", "reference_id": "GHSA-7x4v-9gxg-9hwj", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:23:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7x4v-9gxg-9hwj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64390?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.11.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/643972?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0" } ], "aliases": [ "CVE-2023-25675", "GHSA-7x4v-9gxg-9hwj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v68f-q5vf-wkf5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102232?format=api", "vulnerability_id": "VCID-vpg8-m282-bbfb", "summary": "TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is given empty function attributes, it gives a null dereference. We have patched the issue in GitHub commit aed36912609fc07229b4d0a7b44f3f48efc00fd0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36000", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22637", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.2266", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22705", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.2272", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36000" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/aed36912609fc07229b4d0a7b44f3f48efc00fd0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/aed36912609fc07229b4d0a7b44f3f48efc00fd0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqxc-pvf8-2w9v", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqxc-pvf8-2w9v" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36000", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36000" }, { "reference_url": "https://github.com/advisories/GHSA-fqxc-pvf8-2w9v", "reference_id": "GHSA-fqxc-pvf8-2w9v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fqxc-pvf8-2w9v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-36000", "GHSA-fqxc-pvf8-2w9v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vpg8-m282-bbfb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102242?format=api", "vulnerability_id": "VCID-vtgx-x9t1-eyb1", "summary": "TensorFlow is an open source platform for machine learning. When `RangeSize` receives values that do not fit into an `int64_t`, it crashes. We have patched the issue in GitHub commit 37e64539cd29fcfb814c4451152a60f5d107b0f0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36015", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.4076", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40813", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40843", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40838", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36015" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ops/math_ops.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:57:39Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ops/math_ops.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/37e64539cd29fcfb814c4451152a60f5d107b0f0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:57:39Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/37e64539cd29fcfb814c4451152a60f5d107b0f0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rh87-q4vg-m45j", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:57:39Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rh87-q4vg-m45j" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36015", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36015" }, { "reference_url": "https://github.com/advisories/GHSA-rh87-q4vg-m45j", "reference_id": "GHSA-rh87-q4vg-m45j", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rh87-q4vg-m45j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-36015", "GHSA-rh87-q4vg-m45j" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vtgx-x9t1-eyb1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102263?format=api", "vulnerability_id": "VCID-vxm3-72uk-zbb8", "summary": "TensorFlow is an open source platform for machine learning. If `MirrorPadGrad` is given outsize input `paddings`, TensorFlow will give a heap OOB error. We have patched the issue in GitHub commit 717ca98d8c3bba348ff62281fdf38dcb5ea1ec92. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41895", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35196", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35277", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35313", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35303", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41895" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/mirror_pad_op.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/mirror_pad_op.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/717ca98d8c3bba348ff62281fdf38dcb5ea1ec92", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/717ca98d8c3bba348ff62281fdf38dcb5ea1ec92" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gq2j-cr96-gvqx", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gq2j-cr96-gvqx" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41895", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41895" }, { "reference_url": "https://github.com/advisories/GHSA-gq2j-cr96-gvqx", "reference_id": "GHSA-gq2j-cr96-gvqx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gq2j-cr96-gvqx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148483?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "CVE-2022-41895", "GHSA-gq2j-cr96-gvqx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vxm3-72uk-zbb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102217?format=api", "vulnerability_id": "VCID-w316-z2dk-sbdy", "summary": "TensorFlow is an open source platform for machine learning. If `LRNGrad` is given an `output_image` input tensor that is not 4-D, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bd90b3efab4ec958b228cd7cfe9125be1c0cf255. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35985", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35985" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/bd90b3efab4ec958b228cd7cfe9125be1c0cf255", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:00Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/bd90b3efab4ec958b228cd7cfe9125be1c0cf255" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9942-r22v-78cp", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:00Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9942-r22v-78cp" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35985", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35985" }, { "reference_url": "https://github.com/advisories/GHSA-9942-r22v-78cp", "reference_id": "GHSA-9942-r22v-78cp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9942-r22v-78cp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35985", "GHSA-9942-r22v-78cp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w316-z2dk-sbdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44738?format=api", "vulnerability_id": "VCID-w5vq-nwu5-pken", "summary": "NULL Pointer Dereference\nTensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null point error in QuantizedMatMulWithBiasAndDequantize with MKL enabled. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25670", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47275", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47226", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47291", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47293", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25670" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/8a47a39d9697969206d23a523c977238717e8727", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:41:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/8a47a39d9697969206d23a523c977238717e8727" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25670", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25670" }, { "reference_url": "https://github.com/advisories/GHSA-49rq-hwc3-x77w", "reference_id": "GHSA-49rq-hwc3-x77w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-49rq-hwc3-x77w" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rq-hwc3-x77w", "reference_id": "GHSA-49rq-hwc3-x77w", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:41:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rq-hwc3-x77w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64390?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.11.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/643972?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0" } ], "aliases": [ "CVE-2023-25670", "GHSA-49rq-hwc3-x77w" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w5vq-nwu5-pken" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102249?format=api", "vulnerability_id": "VCID-wdks-wa1n-ckhx", "summary": "TensorFlow is an open source platform for machine learning. When the `BaseCandidateSamplerOp` function receives a value in `true_classes` larger than `range_max`, a heap oob read occurs. We have patched the issue in GitHub commit b389f5c944cadfdfe599b3f1e4026e036f30d2d4. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41880", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36583", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36685", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36677", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00179", "scoring_system": "epss", "scoring_elements": "0.39276", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41880" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/candidate_sampler_ops.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:45Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/candidate_sampler_ops.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/b389f5c944cadfdfe599b3f1e4026e036f30d2d4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:45Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/b389f5c944cadfdfe599b3f1e4026e036f30d2d4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8w5g-3wcv-9g2j", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:45Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8w5g-3wcv-9g2j" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41880", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41880" }, { "reference_url": "https://github.com/advisories/GHSA-8w5g-3wcv-9g2j", "reference_id": "GHSA-8w5g-3wcv-9g2j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8w5g-3wcv-9g2j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148483?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "CVE-2022-41880", "GHSA-8w5g-3wcv-9g2j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wdks-wa1n-ckhx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102195?format=api", "vulnerability_id": "VCID-wvbd-6s6n-fqdz", "summary": "TensorFlow is an open source platform for machine learning. The `RaggedRangOp` function takes an argument `limits` that is eventually used to construct a `TensorShape` as an `int64`. If `limits` is a very large float, it can overflow when converted to an `int64`. This triggers an `InvalidArgument` but also throws an abort signal that crashes the program. We have patched the issue in GitHub commit 37cefa91bee4eace55715eeef43720b958a01192. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35940", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.4076", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40813", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40843", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40838", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35940" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/0b6b491d21d6a4eb5fbab1cca565bc1e94ca9543/tensorflow/core/kernels/ragged_range_op.cc#L74-L88", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:04Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/0b6b491d21d6a4eb5fbab1cca565bc1e94ca9543/tensorflow/core/kernels/ragged_range_op.cc#L74-L88" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/37cefa91bee4eace55715eeef43720b958a01192", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:04Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/37cefa91bee4eace55715eeef43720b958a01192" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x989-q2pq-4q5x", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:04Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x989-q2pq-4q5x" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35940", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35940" }, { "reference_url": "https://github.com/advisories/GHSA-x989-q2pq-4q5x", "reference_id": "GHSA-x989-q2pq-4q5x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x989-q2pq-4q5x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35940", "GHSA-x989-q2pq-4q5x" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wvbd-6s6n-fqdz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102229?format=api", "vulnerability_id": "VCID-x2hf-a9qm-t3du", "summary": "TensorFlow is an open source platform for machine learning. If `tf.sparse.cross` receives an input `separator` that is not a scalar, it gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 83dcb4dbfa094e33db084e97c4d0531a559e0ebf. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35997", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.148", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14842", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14882", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14886", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35997" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/83dcb4dbfa094e33db084e97c4d0531a559e0ebf", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/83dcb4dbfa094e33db084e97c4d0531a559e0ebf" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p7hr-f446-x6qf", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p7hr-f446-x6qf" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35997", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35997" }, { "reference_url": "https://github.com/advisories/GHSA-p7hr-f446-x6qf", "reference_id": "GHSA-p7hr-f446-x6qf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p7hr-f446-x6qf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35997", "GHSA-p7hr-f446-x6qf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x2hf-a9qm-t3du" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102225?format=api", "vulnerability_id": "VCID-x7s3-qyrt-mbat", "summary": "TensorFlow is an open source platform for machine learning. When `SetSize` receives an input `set_shape` that is not a 1D tensor, it gives a `CHECK` fails that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit cf70b79d2662c0d3c6af74583641e345fc939467. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35993", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35993" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/cf70b79d2662c0d3c6af74583641e345fc939467", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/cf70b79d2662c0d3c6af74583641e345fc939467" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wq6q-6m32-9rv9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wq6q-6m32-9rv9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35993", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35993" }, { "reference_url": "https://github.com/advisories/GHSA-wq6q-6m32-9rv9", "reference_id": "GHSA-wq6q-6m32-9rv9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wq6q-6m32-9rv9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35993", "GHSA-wq6q-6m32-9rv9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x7s3-qyrt-mbat" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44735?format=api", "vulnerability_id": "VCID-xej2-7wvk-xuec", "summary": "Out-of-bounds Read\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, an out-of-bounds read is in GRUBlockCellGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25658", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.17002", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16963", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.17042", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.17037", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25658" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/ff459137c2716a2a60f7d441b855fcb466d778cb", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:13:25Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/ff459137c2716a2a60f7d441b855fcb466d778cb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25658", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25658" }, { "reference_url": "https://github.com/advisories/GHSA-68v3-g9cm-rmm6", "reference_id": "GHSA-68v3-g9cm-rmm6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-68v3-g9cm-rmm6" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-68v3-g9cm-rmm6", "reference_id": "GHSA-68v3-g9cm-rmm6", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:13:25Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-68v3-g9cm-rmm6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64390?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.11.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/643972?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0" } ], "aliases": [ "CVE-2023-25658", "GHSA-68v3-g9cm-rmm6" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xej2-7wvk-xuec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102209?format=api", "vulnerability_id": "VCID-xuzj-9346-tuf3", "summary": "TensorFlow is an open source platform for machine learning. If `QuantizedBiasAdd` is given `min_input`, `max_input`, `min_bias`, `max_bias` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35972", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35972" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:25Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4pc4-m9mj-v2r9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:25Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4pc4-m9mj-v2r9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35972", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35972" }, { "reference_url": "https://github.com/advisories/GHSA-4pc4-m9mj-v2r9", "reference_id": "GHSA-4pc4-m9mj-v2r9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4pc4-m9mj-v2r9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35972", "GHSA-4pc4-m9mj-v2r9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xuzj-9346-tuf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102245?format=api", "vulnerability_id": "VCID-ybth-xfxp-c7fu", "summary": "TensorFlow is an open source platform for machine learning. If `RaggedTensorToVariant` is given a `rt_nested_splits` list that contains tensors of ranks other than one, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 88f93dfe691563baa4ae1e80ccde2d5c7a143821. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36018", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33007", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33087", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33125", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33111", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36018" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/88f93dfe691563baa4ae1e80ccde2d5c7a143821", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/88f93dfe691563baa4ae1e80ccde2d5c7a143821" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m6cv-4fmf-66xf", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m6cv-4fmf-66xf" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36018", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36018" }, { "reference_url": "https://github.com/advisories/GHSA-m6cv-4fmf-66xf", "reference_id": "GHSA-m6cv-4fmf-66xf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m6cv-4fmf-66xf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-36018", "GHSA-m6cv-4fmf-66xf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ybth-xfxp-c7fu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102255?format=api", "vulnerability_id": "VCID-yrtd-47vc-muff", "summary": "TensorFlow is an open source platform for machine learning. `tf.keras.losses.poisson` receives a `y_pred` and `y_true` that are passed through `functor::mul` in `BinaryOp`. If the resulting dimensions overflow an `int32`, TensorFlow will crash due to a size mismatch during broadcast assignment. We have patched the issue in GitHub commit c5b30379ba87cbe774b08ac50c1f6d36df4ebb7c. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1 and 2.9.3, as these are also affected and still in supported range. However, we will not cherrypick this commit into TensorFlow 2.8.x, as it depends on Eigen behavior that changed between 2.8 and 2.9.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41887", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.3399", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34107", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34091", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36511", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41887" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/cwise_ops_common.h", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:29Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/cwise_ops_common.h" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/keras/losses.py", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:29Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/keras/losses.py" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/c5b30379ba87cbe774b08ac50c1f6d36df4ebb7c", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:29Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/c5b30379ba87cbe774b08ac50c1f6d36df4ebb7c" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8fvv-46hw-vpg3", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:29Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8fvv-46hw-vpg3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41887", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41887" }, { "reference_url": "https://github.com/advisories/GHSA-8fvv-46hw-vpg3", "reference_id": "GHSA-8fvv-46hw-vpg3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8fvv-46hw-vpg3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "CVE-2022-41887", "GHSA-8fvv-46hw-vpg3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yrtd-47vc-muff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102266?format=api", "vulnerability_id": "VCID-yy9b-ymk2-5kea", "summary": "TensorFlow is an open source platform for machine learning. If `SparseFillEmptyRowsGrad` is given empty inputs, TensorFlow will crash. We have patched the issue in GitHub commit af4a6a3c8b95022c351edae94560acc61253a1b8. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41898", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35627", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40253", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40337", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40334", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41898" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sparse_fill_empty_rows_op_gpu.cu.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:56Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sparse_fill_empty_rows_op_gpu.cu.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/af4a6a3c8b95022c351edae94560acc61253a1b8", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:56Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/af4a6a3c8b95022c351edae94560acc61253a1b8" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hq7g-wwwp-q46h", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:56Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hq7g-wwwp-q46h" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41898", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41898" }, { "reference_url": "https://github.com/advisories/GHSA-hq7g-wwwp-q46h", "reference_id": "GHSA-hq7g-wwwp-q46h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hq7g-wwwp-q46h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148483?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "CVE-2022-41898", "GHSA-hq7g-wwwp-q46h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yy9b-ymk2-5kea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102264?format=api", "vulnerability_id": "VCID-zc2s-1rty-hyd9", "summary": "TensorFlow is an open source platform for machine learning. If `ThreadUnsafeUnigramCandidateSampler` is given input `filterbank_channel_count` greater than the allowed max size, TensorFlow will crash. We have patched the issue in GitHub commit 39ec7eaf1428e90c37787e5b3fbd68ebd3c48860. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41896", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35627", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40253", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40337", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40334", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41896" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/mirror_pad_op.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:05Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/mirror_pad_op.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/39ec7eaf1428e90c37787e5b3fbd68ebd3c48860", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:05Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/39ec7eaf1428e90c37787e5b3fbd68ebd3c48860" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rmg2-f698-wq35", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:05Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rmg2-f698-wq35" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41896", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41896" }, { "reference_url": "https://github.com/advisories/GHSA-rmg2-f698-wq35", "reference_id": "GHSA-rmg2-f698-wq35", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rmg2-f698-wq35" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148483?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "CVE-2022-41896", "GHSA-rmg2-f698-wq35" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zc2s-1rty-hyd9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102226?format=api", "vulnerability_id": "VCID-zfqe-wftj-nke3", "summary": "TensorFlow is an open source platform for machine learning. When `CollectiveGather` receives an scalar input `input`, it gives a `CHECK` fails that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit c1f491817dec39a26be3c574e86a88c30f3c4770. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35994", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12644", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12691", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12731", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12727", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35994" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/c1f491817dec39a26be3c574e86a88c30f3c4770", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/c1f491817dec39a26be3c574e86a88c30f3c4770" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fhfc-2q7x-929f", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fhfc-2q7x-929f" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35994", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35994" }, { "reference_url": "https://github.com/advisories/GHSA-fhfc-2q7x-929f", "reference_id": "GHSA-fhfc-2q7x-929f", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fhfc-2q7x-929f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35994", "GHSA-fhfc-2q7x-929f" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zfqe-wftj-nke3" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36029?format=api", "vulnerability_id": "VCID-217a-71wn-nybg", "summary": "Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the `DCHECK` function however, `DCHECK` is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the `ValueOrDie` line. This results in an assertion failure as `ret` contains an error `Status`, not a value. In the second case we also get a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23572", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66621", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66654", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66669", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66661", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23572" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-81.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-81.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-136.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-136.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/shape_inference.cc#L168-L174", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:10Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/shape_inference.cc#L168-L174" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/cb164786dc891ea11d3a900e90367c339305dc7b", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:10Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/cb164786dc891ea11d3a900e90367c339305dc7b" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rww7-2gpw-fv6j", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:10Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rww7-2gpw-fv6j" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23572", "reference_id": "CVE-2022-23572", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23572" }, { "reference_url": "https://github.com/advisories/GHSA-rww7-2gpw-fv6j", "reference_id": "GHSA-rww7-2gpw-fv6j", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rww7-2gpw-fv6j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23572", "CVE-2022-23572", "GHSA-rww7-2gpw-fv6j", "PYSEC-2022-136", "PYSEC-2022-81" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-217a-71wn-nybg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36002?format=api", "vulnerability_id": "VCID-2hj4-bbfq-xqfj", "summary": "Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateTensorSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve a tensor with large enough number of elements. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23575", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44677", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44699", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44691", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44622", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23575" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-84.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-84.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-139.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-139.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/costs/op_level_cost_estimator.cc#L1552-L1558", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/costs/op_level_cost_estimator.cc#L1552-L1558" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/fcd18ce3101f245b083b30655c27b239dc72221e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/fcd18ce3101f245b083b30655c27b239dc72221e" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c94w-c95p-phf8", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c94w-c95p-phf8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23575", "reference_id": "CVE-2022-23575", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23575" }, { "reference_url": "https://github.com/advisories/GHSA-c94w-c95p-phf8", "reference_id": "GHSA-c94w-c95p-phf8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c94w-c95p-phf8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23575", "CVE-2022-23575", "GHSA-c94w-c95p-phf8", "PYSEC-2022-139", "PYSEC-2022-84" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2hj4-bbfq-xqfj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36004?format=api", "vulnerability_id": "VCID-2sak-438s-bbg8", "summary": "Tensorflow is an Open Source Machine Learning Framework. TensorFlow is vulnerable to a heap OOB write in `Grappler`. The `set_output` function writes to an array at the specified index. Hence, this gives a malicious user a write primitive. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23566", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60437", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60476", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60488", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60485", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23566" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-75.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-75.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-130.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-130.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/shape_inference.h#L394", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:54Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/shape_inference.h#L394" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/costs/graph_properties.cc#L1132-L1141", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:54Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/costs/graph_properties.cc#L1132-L1141" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/97282c6d0d34476b6ba033f961590b783fa184cd", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:54Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/97282c6d0d34476b6ba033f961590b783fa184cd" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5qw5-89mw-wcg2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:54Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5qw5-89mw-wcg2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23566", "reference_id": "CVE-2022-23566", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23566" }, { "reference_url": "https://github.com/advisories/GHSA-5qw5-89mw-wcg2", "reference_id": "GHSA-5qw5-89mw-wcg2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5qw5-89mw-wcg2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23566", "CVE-2022-23566", "GHSA-5qw5-89mw-wcg2", "PYSEC-2022-130", "PYSEC-2022-75" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2sak-438s-bbg8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36033?format=api", "vulnerability_id": "VCID-2t7w-zpd8-suc9", "summary": "Tensorflow is an Open Source Machine Learning Framework. In multiple places, TensorFlow uses `tempfile.mktemp` to create temporary files. While this is acceptable in testing, in utilities and libraries it is dangerous as a different process can create the file between the check for the filename in `mktemp` and the actual creation of the file by a subsequent operation (a TOC/TOU type of weakness). In several instances, TensorFlow was supposed to actually create a temporary directory instead of a file. This logic bug is hidden away by the `mktemp` function usage. We have patched the issue in several commits, replacing `mktemp` with the safer `mkstemp`/`mkdtemp` functions, according to the usage pattern. Users are advised to upgrade as soon as possible.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23563", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02801", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02854", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02846", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02834", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23563" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-72.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-72.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-127.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-127.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wc4g-r73w-x8mm", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wc4g-r73w-x8mm" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23563", "reference_id": "CVE-2022-23563", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23563" }, { "reference_url": "https://github.com/advisories/GHSA-wc4g-r73w-x8mm", "reference_id": "GHSA-wc4g-r73w-x8mm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wc4g-r73w-x8mm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23563", "CVE-2022-23563", "GHSA-wc4g-r73w-x8mm", "PYSEC-2022-127", "PYSEC-2022-72" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2t7w-zpd8-suc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42253?format=api", "vulnerability_id": "VCID-34je-dsqs-2qeh", "summary": "Out-of-bounds Read\nTensorflow is an Open Source Machine Learning Framework. The TFG dialect of TensorFlow (MLIR) makes several assumptions about the incoming `GraphDef` before converting it to the MLIR-based dialect. If an attacker changes the `SavedModel` format on disk to invalidate these assumptions and the `GraphDef` is then converted to MLIR-based IR then they can cause a crash in the Python interpreter. Under certain scenarios, heap OOB read/writes are possible. These issues have been discovered via fuzzing and it is possible that more weaknesses exist. We will patch them as they are discovered.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23594", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.05088", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.05092", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.05109", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.05094", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23594" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/tree/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/core/ir/importexport", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:56:39Z/" } ], "url": "https://github.com/tensorflow/tensorflow/tree/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/core/ir/importexport" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23594", "reference_id": "CVE-2022-23594", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23594" }, { "reference_url": "https://github.com/advisories/GHSA-9x52-887g-fhc2", "reference_id": "GHSA-9x52-887g-fhc2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9x52-887g-fhc2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9x52-887g-fhc2", "reference_id": "GHSA-9x52-887g-fhc2", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:56:39Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9x52-887g-fhc2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "CVE-2022-23594", "GHSA-9x52-887g-fhc2" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-34je-dsqs-2qeh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42296?format=api", "vulnerability_id": "VCID-3nws-uqh8-wydf", "summary": "NULL Pointer Dereference and Access of Uninitialized Pointer in TensorFlow\n### Impact \nThe code for boosted trees in TensorFlow is still missing validation. This allows malicious users to read and write outside of bounds of heap allocated data as well as trigger denial of service (via dereferencing `nullptr`s or via `CHECK`-failures).\n\nThis follows after CVE-2021-41208 where these APIs were still vulnerable to multiple security issues.\n\n**Note**: Given that the boosted trees implementation in TensorFlow is unmaintained, it is recommend to no longer use these APIs. Instead, please use the downstream [TensorFlow Decision Forests] project which is newer and supports more features. \n \nThese APIs are now deprecated in TensorFlow 2.8. We will remove TensorFlow's boosted trees APIs in subsequent releases.\n \n### Patches\nWe have patched the known issues in multiple GitHub commits.\n \nThe fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.\n\nThis should allow users to use existing boosted trees APIs for a while until they migrate to TensorFlow Decision Forests while guaranteeing that known vulnerabilities are fixed.\n\n### For more information\nPlease consult our security guide for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThese vulnerabilities have been reported by Yu Tian of Qihoo 360 AIVul Team and Faysal Hossain Shezan from University of Virginia. Some of the issues have been discovered internally after a careful audit of the APIs.", "references": [ { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/e0b6e58c328059829c3eb968136f17aa72b6c876/tensorflow/core/kernels/boosted_trees/stats_ops.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/blob/e0b6e58c328059829c3eb968136f17aa72b6c876/tensorflow/core/kernels/boosted_trees/stats_ops.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-57wx-m983-2f88", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-57wx-m983-2f88" }, { "reference_url": "https://github.com/advisories/GHSA-h6gw-r52c-724r", "reference_id": "GHSA-h6gw-r52c-724r", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h6gw-r52c-724r" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6gw-r52c-724r", "reference_id": "GHSA-h6gw-r52c-724r", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6gw-r52c-724r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "GHSA-h6gw-r52c-724r", "GMS-2022-49", "GMS-2022-52", "GMS-2022-55" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3nws-uqh8-wydf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35981?format=api", "vulnerability_id": "VCID-3y5w-424q-8qcn", "summary": "Tensorflow is an Open Source Machine Learning Framework. The implementation of `Dequantize` does not fully validate the value of `axis` and can result in heap OOB accesses. The `axis` argument can be `-1` (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not checked and this results in reading past the end of the array containing the dimensions of the input tensor. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21726", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52754", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52803", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.5282", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52813", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21726" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-50.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-50.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-105.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-105.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/dequantize_op.cc#L92-L153", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:31Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/dequantize_op.cc#L92-L153" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/23968a8bf65b009120c43b5ebcceaf52dbc9e943", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:31Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/23968a8bf65b009120c43b5ebcceaf52dbc9e943" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-23hm-7w47-xw72", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:31Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-23hm-7w47-xw72" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21726", "reference_id": "CVE-2022-21726", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21726" }, { "reference_url": "https://github.com/advisories/GHSA-23hm-7w47-xw72", "reference_id": "GHSA-23hm-7w47-xw72", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-23hm-7w47-xw72" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-21726", "CVE-2022-21726", "GHSA-23hm-7w47-xw72", "PYSEC-2022-105", "PYSEC-2022-50" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3y5w-424q-8qcn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36006?format=api", "vulnerability_id": "VCID-4n1w-zfpr-dugh", "summary": "Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a `SavedModel` such that `IsSimplifiableReshape` would trigger `CHECK` failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23581", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00476", "scoring_system": "epss", "scoring_elements": "0.65216", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00476", "scoring_system": "epss", "scoring_elements": "0.65257", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00476", "scoring_system": "epss", "scoring_elements": "0.65269", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00476", "scoring_system": "epss", "scoring_elements": "0.65259", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23581" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-90.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-90.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-145.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-145.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc#L1687-L1742", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc#L1687-L1742" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/1fb27733f943295d874417630edd3b38b34ce082", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/1fb27733f943295d874417630edd3b38b34ce082" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/240655511cd3e701155f944a972db71b6c0b1bb6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/240655511cd3e701155f944a972db71b6c0b1bb6" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/ebc1a2ffe5a7573d905e99bd0ee3568ee07c12c1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/ebc1a2ffe5a7573d905e99bd0ee3568ee07c12c1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fq86-3f29-px2c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fq86-3f29-px2c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23581", "reference_id": "CVE-2022-23581", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23581" }, { "reference_url": "https://github.com/advisories/GHSA-fq86-3f29-px2c", "reference_id": "GHSA-fq86-3f29-px2c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fq86-3f29-px2c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23581", "CVE-2022-23581", "GHSA-fq86-3f29-px2c", "PYSEC-2022-145", "PYSEC-2022-90" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4n1w-zfpr-dugh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36034?format=api", "vulnerability_id": "VCID-56kw-66kj-1kb7", "summary": "Tensorflow is an Open Source Machine Learning Framework. An attacker can trigger denial of service via assertion failure by altering a `SavedModel` on disk such that `AttrDef`s of some operation are duplicated. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23565", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30187", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30194", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30225", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30261", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23565" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-74.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-74.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-129.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-129.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/c2b31ff2d3151acb230edc3f5b1832d2c713a9e0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/c2b31ff2d3151acb230edc3f5b1832d2c713a9e0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4v5p-v5h9-6xjx", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4v5p-v5h9-6xjx" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23565", "reference_id": "CVE-2022-23565", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23565" }, { "reference_url": "https://github.com/advisories/GHSA-4v5p-v5h9-6xjx", "reference_id": "GHSA-4v5p-v5h9-6xjx", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4v5p-v5h9-6xjx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23565", "CVE-2022-23565", "GHSA-4v5p-v5h9-6xjx", "PYSEC-2022-129", "PYSEC-2022-74" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-56kw-66kj-1kb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36007?format=api", "vulnerability_id": "VCID-65fu-yg2h-zycr", "summary": "Tensorflow is an Open Source Machine Learning Framework. The implementation of `AssignOp` can result in copying uninitialized data to a new tensor. This later results in undefined behavior. The implementation has a check that the left hand side of the assignment is initialized (to minimize number of allocations), but does not check that the right hand side is also initialized. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23573", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53053", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53103", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53122", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53114", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23573" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-82.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-82.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-137.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-137.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/kernels/assign_op.h#L30-L143", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:13Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/kernels/assign_op.h#L30-L143" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/ef1d027be116f25e25bb94a60da491c2cf55bd0b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:13Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/ef1d027be116f25e25bb94a60da491c2cf55bd0b" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q85f-69q7-55h2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:13Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q85f-69q7-55h2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23573", "reference_id": "CVE-2022-23573", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23573" }, { "reference_url": "https://github.com/advisories/GHSA-q85f-69q7-55h2", "reference_id": "GHSA-q85f-69q7-55h2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q85f-69q7-55h2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23573", "CVE-2022-23573", "GHSA-q85f-69q7-55h2", "PYSEC-2022-137", "PYSEC-2022-82" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-65fu-yg2h-zycr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36025?format=api", "vulnerability_id": "VCID-6bgf-h7cu-27ec", "summary": "Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both `embedding_size` and `lookup_size` are products of values provided by the user. Hence, a malicious user could trigger overflows in the multiplication. In certain scenarios, this can then result in heap OOB read/write. Users are advised to upgrade to a patched version.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23559", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.67069", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.67102", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.67118", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.6711", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23559" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-68.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-68.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-123.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-123.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/kernels/embedding_lookup_sparse.cc#L179-L189", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:41Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/kernels/embedding_lookup_sparse.cc#L179-L189" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/1de49725a5fc4e48f1a3b902ec3599ee99283043", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:41Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/1de49725a5fc4e48f1a3b902ec3599ee99283043" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/a4e401da71458d253b05e41f28637b65baf64be4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:41Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/a4e401da71458d253b05e41f28637b65baf64be4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/f19be71717c497723ba0cea0379e84f061a75e01", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:41Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/f19be71717c497723ba0cea0379e84f061a75e01" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-98p5-x8x4-c9m5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:41Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-98p5-x8x4-c9m5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23559", "reference_id": "CVE-2022-23559", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23559" }, { "reference_url": "https://github.com/advisories/GHSA-98p5-x8x4-c9m5", "reference_id": "GHSA-98p5-x8x4-c9m5", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-98p5-x8x4-c9m5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23559", "CVE-2022-23559", "GHSA-98p5-x8x4-c9m5", "PYSEC-2022-123", "PYSEC-2022-68" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6bgf-h7cu-27ec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36022?format=api", "vulnerability_id": "VCID-6jvw-p6me-mke6", "summary": "Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a `SavedModel` such that `SafeToRemoveIdentity` would trigger `CHECK` failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23579", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46152", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46201", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46221", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46219", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23579" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-88.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-88.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-143.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-143.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/dependency_optimizer.cc#L59-L98", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/dependency_optimizer.cc#L59-L98" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/92dba16749fae36c246bec3f9ba474d9ddeb7662", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/92dba16749fae36c246bec3f9ba474d9ddeb7662" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5f2r-qp73-37mr", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5f2r-qp73-37mr" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23579", "reference_id": "CVE-2022-23579", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23579" }, { "reference_url": "https://github.com/advisories/GHSA-5f2r-qp73-37mr", "reference_id": "GHSA-5f2r-qp73-37mr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5f2r-qp73-37mr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23579", "CVE-2022-23579", "GHSA-5f2r-qp73-37mr", "PYSEC-2022-143", "PYSEC-2022-88" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6jvw-p6me-mke6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36030?format=api", "vulnerability_id": "VCID-6nfa-78eb-jffv", "summary": "Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a `SavedModel` file (fixing the first one would trigger the same dereference in the second place). First, during constant folding, the `GraphDef` might not have the required nodes for the binary operation. If a node is missing, the correposning `mul_*child` would be null, and the dereference in the subsequent line would be incorrect. We have a similar issue during `IsIdentityConsumingSwitch`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23589", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53668", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53722", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53734", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53726", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23589" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-98.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-98.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-153.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-153.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/mutable_graph_view.cc#L59-L74", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/mutable_graph_view.cc#L59-L74" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc#L3466-L3497", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc#L3466-L3497" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/045deec1cbdebb27d817008ad5df94d96a08b1bf", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/045deec1cbdebb27d817008ad5df94d96a08b1bf" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/0a365c029e437be0349c31f8d4c9926b69fa3fa1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/0a365c029e437be0349c31f8d4c9926b69fa3fa1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9px9-73fg-3fqp", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9px9-73fg-3fqp" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23589", "reference_id": "CVE-2022-23589", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23589" }, { "reference_url": "https://github.com/advisories/GHSA-9px9-73fg-3fqp", "reference_id": "GHSA-9px9-73fg-3fqp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9px9-73fg-3fqp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23589", "CVE-2022-23589", "GHSA-9px9-73fg-3fqp", "PYSEC-2022-153", "PYSEC-2022-98" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6nfa-78eb-jffv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35990?format=api", "vulnerability_id": "VCID-6set-8e9p-nyeu", "summary": "Tensorflow is an Open Source Machine Learning Framework. The implementation of `FractionalMaxPool` can be made to crash a TensorFlow process via a division by 0. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21735", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44622", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44677", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44699", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44691", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21735" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-59.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-59.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-114.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-114.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/fractional_max_pool_op.cc#L36-L192", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:14Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/fractional_max_pool_op.cc#L36-L192" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/ba4e8ac4dc2991e350d5cc407f8598c8d4ee70fb", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:14Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/ba4e8ac4dc2991e350d5cc407f8598c8d4ee70fb" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-87v6-crgm-2gfj", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:14Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-87v6-crgm-2gfj" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21735", "reference_id": "CVE-2022-21735", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21735" }, { "reference_url": "https://github.com/advisories/GHSA-87v6-crgm-2gfj", "reference_id": "GHSA-87v6-crgm-2gfj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-87v6-crgm-2gfj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-21735", "CVE-2022-21735", "GHSA-87v6-crgm-2gfj", "PYSEC-2022-114", "PYSEC-2022-59" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6set-8e9p-nyeu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36016?format=api", "vulnerability_id": "VCID-6xhv-euz8-zkc8", "summary": "Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After `png::CommonFreeDecode(&decode)` gets called, the values of `decode.width` and `decode.height` are in an unspecified state. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23584", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48732", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48783", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48801", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48793", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23584" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-93.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-93.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-148.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-148.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/kernels/image/decode_image_op.cc#L339-L346", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/kernels/image/decode_image_op.cc#L339-L346" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/e746adbfcfee15e9cfdb391ff746c765b99bdf9b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/e746adbfcfee15e9cfdb391ff746c765b99bdf9b" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-24x4-6qmh-88qg", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-24x4-6qmh-88qg" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23584", "reference_id": "CVE-2022-23584", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23584" }, { "reference_url": "https://github.com/advisories/GHSA-24x4-6qmh-88qg", "reference_id": "GHSA-24x4-6qmh-88qg", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-24x4-6qmh-88qg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23584", "CVE-2022-23584", "GHSA-24x4-6qmh-88qg", "PYSEC-2022-148", "PYSEC-2022-93" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6xhv-euz8-zkc8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36031?format=api", "vulnerability_id": "VCID-76t8-h98v-buhf", "summary": "Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, a TensorFlow process can encounter cases where a `CHECK` assertion is invalidated based on user controlled arguments, if the tensors have an invalid `dtype` and 0 elements or an invalid shape. This allows attackers to cause denial of services in TensorFlow processes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23571", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30194", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30225", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30261", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30187", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23571" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-80.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-80.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-135.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-135.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/5b491cd5e41ad63735161cec9c2a568172c8b6a3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:11:18Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/5b491cd5e41ad63735161cec9c2a568172c8b6a3" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j3mj-fhpq-qqjj", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:11:18Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j3mj-fhpq-qqjj" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23571", "reference_id": "CVE-2022-23571", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23571" }, { "reference_url": "https://github.com/advisories/GHSA-j3mj-fhpq-qqjj", "reference_id": "GHSA-j3mj-fhpq-qqjj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j3mj-fhpq-qqjj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23571", "CVE-2022-23571", "GHSA-j3mj-fhpq-qqjj", "PYSEC-2022-135", "PYSEC-2022-80" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-76t8-h98v-buhf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35987?format=api", "vulnerability_id": "VCID-7jup-pyyw-c3eg", "summary": "Tensorflow is an Open Source Machine Learning Framework. The implementations of `Sparse*Cwise*` ops are vulnerable to integer overflows. These can be used to trigger large allocations (so, OOM based denial of service) or `CHECK`-fails when building new `TensorShape` objects (so, assert failures based denial of service). We are missing some validation on the shapes of the input tensors as well as directly constructing a large `TensorShape` with user-provided dimensions. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23567", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.64023", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.64034", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.64026", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63983", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23567" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-76.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-76.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-131.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-131.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/sparse_dense_binary_op_shared.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/sparse_dense_binary_op_shared.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/1b54cadd19391b60b6fcccd8d076426f7221d5e8", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/1b54cadd19391b60b6fcccd8d076426f7221d5e8" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/e952a89b7026b98fe8cbe626514a93ed68b7c510", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/e952a89b7026b98fe8cbe626514a93ed68b7c510" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rrx2-r989-2c43", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rrx2-r989-2c43" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23567", "reference_id": "CVE-2022-23567", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23567" }, { "reference_url": "https://github.com/advisories/GHSA-rrx2-r989-2c43", "reference_id": "GHSA-rrx2-r989-2c43", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rrx2-r989-2c43" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23567", "CVE-2022-23567", "GHSA-rrx2-r989-2c43", "PYSEC-2022-131", "PYSEC-2022-76" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7jup-pyyw-c3eg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36023?format=api", "vulnerability_id": "VCID-7rgb-m55r-4yhr", "summary": "Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. Since the cropping parameters are user controlled, a malicious person can trigger undefined behavior. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23587", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53076", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53125", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53144", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53136", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23587" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-96.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-96.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-151.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-151.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/costs/op_level_cost_estimator.cc#L2621-L2689", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:58Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/costs/op_level_cost_estimator.cc#L2621-L2689" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/0aaaae6eca5a7175a193696383f582f53adab23f", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:58Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/0aaaae6eca5a7175a193696383f582f53adab23f" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8jj7-5vxc-pg2q", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:58Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8jj7-5vxc-pg2q" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23587", "reference_id": "CVE-2022-23587", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23587" }, { "reference_url": "https://github.com/advisories/GHSA-8jj7-5vxc-pg2q", "reference_id": "GHSA-8jj7-5vxc-pg2q", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8jj7-5vxc-pg2q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23587", "CVE-2022-23587", "GHSA-8jj7-5vxc-pg2q", "PYSEC-2022-151", "PYSEC-2022-96" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7rgb-m55r-4yhr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36019?format=api", "vulnerability_id": "VCID-7z58-8eek-3fg2", "summary": "Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would allow limited reads and writes outside of arrays in TFLite. This exploits missing validation in the conversion from sparse tensors to dense tensors. The fix is included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. Users are advised to upgrade as soon as possible.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23560", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.53171", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.53223", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.53241", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.53233", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23560" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-69.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-69.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-124.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-124.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/kernels/internal/utils/sparsity_format_converter.cc#L252-L293", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:44Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/kernels/internal/utils/sparsity_format_converter.cc#L252-L293" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/6364463d6f5b6254cac3d6aedf999b6a96225038", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:44Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/6364463d6f5b6254cac3d6aedf999b6a96225038" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4hvf-hxvg-f67v", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:44Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4hvf-hxvg-f67v" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23560", "reference_id": "CVE-2022-23560", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23560" }, { "reference_url": "https://github.com/advisories/GHSA-4hvf-hxvg-f67v", "reference_id": "GHSA-4hvf-hxvg-f67v", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4hvf-hxvg-f67v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23560", "CVE-2022-23560", "GHSA-4hvf-hxvg-f67v", "PYSEC-2022-124", "PYSEC-2022-69" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7z58-8eek-3fg2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35994?format=api", "vulnerability_id": "VCID-87r3-u8t5-m7d2", "summary": "Tensorflow is an Open Source Machine Learning Framework. The implementation of `UnravelIndex` is vulnerable to a division by zero caused by an integer overflow bug. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21729", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44622", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44677", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44699", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44691", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21729" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-53.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-53.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-108.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-108.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/unravel_index_op.cc#L36-L135", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:16Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/unravel_index_op.cc#L36-L135" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/58b34c6c8250983948b5a781b426f6aa01fd47af", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:16Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/58b34c6c8250983948b5a781b426f6aa01fd47af" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-34f9-hjfq-rr8j", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:16Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-34f9-hjfq-rr8j" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21729", "reference_id": "CVE-2022-21729", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21729" }, { "reference_url": "https://github.com/advisories/GHSA-34f9-hjfq-rr8j", "reference_id": "GHSA-34f9-hjfq-rr8j", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-34f9-hjfq-rr8j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-21729", "CVE-2022-21729", "GHSA-34f9-hjfq-rr8j", "PYSEC-2022-108", "PYSEC-2022-53" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-87r3-u8t5-m7d2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36027?format=api", "vulnerability_id": "VCID-8b1b-hevb-cqht", "summary": "Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that Grappler optimizer would attempt to build a tensor using a reference `dtype`. This would result in a crash due to a `CHECK`-fail in the `Tensor` constructor as reference types are not allowed. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23588", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53918", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53971", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53983", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53975", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23588" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-97.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-97.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-152.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-152.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/tensor.cc#L733-L781", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:44Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/tensor.cc#L733-L781" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc#L1328-L1402", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:44Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc#L1328-L1402" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/6b5adc0877de832b2a7c189532dbbbc64622eeb6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:44Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/6b5adc0877de832b2a7c189532dbbbc64622eeb6" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fx5c-h9f6-rv7c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:44Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fx5c-h9f6-rv7c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23588", "reference_id": "CVE-2022-23588", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23588" }, { "reference_url": "https://github.com/advisories/GHSA-fx5c-h9f6-rv7c", "reference_id": "GHSA-fx5c-h9f6-rv7c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fx5c-h9f6-rv7c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23588", "CVE-2022-23588", "GHSA-fx5c-h9f6-rv7c", "PYSEC-2022-152", "PYSEC-2022-97" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8b1b-hevb-cqht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35985?format=api", "vulnerability_id": "VCID-af9s-d9qq-tuh7", "summary": "Tensorflow is an Open Source Machine Learning Framework. The implementation of `AddManySparseToTensorsMap` is vulnerable to an integer overflow which results in a `CHECK`-fail when building new `TensorShape` objects (so, an assert failure based denial of service). We are missing some validation on the shapes of the input tensors as well as directly constructing a large `TensorShape` with user-provided dimensions. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23568", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53975", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53971", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53983", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53918", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23568" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-77.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-77.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-132.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-132.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/sparse_tensors_map_ops.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:24Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/sparse_tensors_map_ops.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/a68f68061e263a88321c104a6c911fe5598050a8", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:24Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/a68f68061e263a88321c104a6c911fe5598050a8" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/b51b82fe65ebace4475e3c54eb089c18a4403f1c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:24Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/b51b82fe65ebace4475e3c54eb089c18a4403f1c" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6445-fm66-fvq2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:24Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6445-fm66-fvq2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23568", "reference_id": "CVE-2022-23568", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23568" }, { "reference_url": "https://github.com/advisories/GHSA-6445-fm66-fvq2", "reference_id": "GHSA-6445-fm66-fvq2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6445-fm66-fvq2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23568", "CVE-2022-23568", "GHSA-6445-fm66-fvq2", "PYSEC-2022-132", "PYSEC-2022-77" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-af9s-d9qq-tuh7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35998?format=api", "vulnerability_id": "VCID-bmvq-fjkr-2fc3", "summary": "Tensorflow is an Open Source Machine Learning Framework. ### Impact An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to determine the size of the padding that needs to be added before applying the convolution. There is no check before this division that the divisor is strictly positive. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21741", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46219", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46201", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46221", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46152", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21741" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-65.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-65.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-120.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-120.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/lite/kernels/depthwise_conv.cc#L96", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/lite/kernels/depthwise_conv.cc#L96" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/e5b0eec199c2d03de54fd6a7fd9275692218e2bc", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/e5b0eec199c2d03de54fd6a7fd9275692218e2bc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-428x-9xc2-m8mj", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-428x-9xc2-m8mj" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21741", "reference_id": "CVE-2022-21741", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21741" }, { "reference_url": "https://github.com/advisories/GHSA-428x-9xc2-m8mj", "reference_id": "GHSA-428x-9xc2-m8mj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-428x-9xc2-m8mj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-21741", "CVE-2022-21741", "GHSA-428x-9xc2-m8mj", "PYSEC-2022-120", "PYSEC-2022-65" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bmvq-fjkr-2fc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36010?format=api", "vulnerability_id": "VCID-bvuf-q5tx-x3ec", "summary": "Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of `ImmutableExecutorState::Initialize`. Here, we set `item->kernel` to `nullptr` but it is a simple `OpKernel*` pointer so the memory that was previously allocated to it would leak. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23578", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42037", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42065", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42054", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.4198", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23578" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-87.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-87.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-142.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-142.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/common_runtime/immutable_executor_state.cc#L84-L262", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/common_runtime/immutable_executor_state.cc#L84-L262" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/c79ccba517dbb1a0ccb9b01ee3bd2a63748b60dd", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/c79ccba517dbb1a0ccb9b01ee3bd2a63748b60dd" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8r7c-3cm2-3h8f", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8r7c-3cm2-3h8f" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23578", "reference_id": "CVE-2022-23578", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23578" }, { "reference_url": "https://github.com/advisories/GHSA-8r7c-3cm2-3h8f", "reference_id": "GHSA-8r7c-3cm2-3h8f", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8r7c-3cm2-3h8f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23578", "CVE-2022-23578", "GHSA-8r7c-3cm2-3h8f", "PYSEC-2022-142", "PYSEC-2022-87" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bvuf-q5tx-x3ec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36020?format=api", "vulnerability_id": "VCID-c5wa-uqe8-yqh1", "summary": "Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the linked list used by the memory allocator. This can be leveraged for an arbitrary write primitive under certain conditions. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23561", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38727", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38755", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38751", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38662", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23561" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-70.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-70.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-125.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-125.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/6c0b2b70eeee588591680f5b7d5d38175fd7cdf6", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/6c0b2b70eeee588591680f5b7d5d38175fd7cdf6" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9c78-vcq7-7vxq", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9c78-vcq7-7vxq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23561", "reference_id": "CVE-2022-23561", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23561" }, { "reference_url": "https://github.com/advisories/GHSA-9c78-vcq7-7vxq", "reference_id": "GHSA-9c78-vcq7-7vxq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9c78-vcq7-7vxq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23561", "CVE-2022-23561", "GHSA-9c78-vcq7-7vxq", "PYSEC-2022-125", "PYSEC-2022-70" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c5wa-uqe8-yqh1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36012?format=api", "vulnerability_id": "VCID-d3qq-2w3d-dqe8", "summary": "Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23580", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53688", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53742", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53755", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53746", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23580" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-89.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-89.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-144.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-144.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/shape_inference.cc#L788-L790", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:27Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/shape_inference.cc#L788-L790" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/1361fb7e29449629e1df94d44e0427ebec8c83c7", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:27Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/1361fb7e29449629e1df94d44e0427ebec8c83c7" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-627q-g293-49q7", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:27Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-627q-g293-49q7" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23580", "reference_id": "CVE-2022-23580", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23580" }, { "reference_url": "https://github.com/advisories/GHSA-627q-g293-49q7", "reference_id": "GHSA-627q-g293-49q7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-627q-g293-49q7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23580", "CVE-2022-23580", "GHSA-627q-g293-49q7", "PYSEC-2022-144", "PYSEC-2022-89" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d3qq-2w3d-dqe8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42299?format=api", "vulnerability_id": "VCID-e73t-pxc6-k7f3", "summary": "Improper Validation of Integrity Check Value in TensorFlow\nThe implementation of `tf.sparse.split` does not fully validate the input arguments.", "references": [ { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/61bf91e768173b001d56923600b40d9a95a04ad5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/61bf91e768173b001d56923600b40d9a95a04ad5" }, { "reference_url": "https://github.com/tensorflow/tensorflow/pull/53695", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/pull/53695" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pgcq-h79j-2f69", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pgcq-h79j-2f69" }, { "reference_url": "https://github.com/advisories/GHSA-43q8-3fv7-pr5x", "reference_id": "GHSA-43q8-3fv7-pr5x", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-43q8-3fv7-pr5x" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-43q8-3fv7-pr5x", "reference_id": "GHSA-43q8-3fv7-pr5x", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-43q8-3fv7-pr5x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "GHSA-43q8-3fv7-pr5x", "GMS-2022-48", "GMS-2022-51", "GMS-2022-54" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e73t-pxc6-k7f3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42272?format=api", "vulnerability_id": "VCID-f9a1-y3bw-tkbh", "summary": "Integer Overflow or Wraparound in TensorFlow\n### Impact\nThe Grappler component of TensorFlow is vulnerable to a denial of service via `CHECK`-failure in constant folding for ;\n // ...\n }\n```\n \nThe `output_prop` tensor has a shape that is controlled by user input and this can result in triggering one of the `CHECK`s in the `PartialTensorShape` constructor. This is an instance of TFSA-2021-198 .\n\n### Patches\nWe have patched the issue in GitHub commit be7b286d40bc68cb0b56f702186cc4837d508058 fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide] for more information regarding the security model and how to contact us with issues and questions.", "references": [ { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/be7b286d40bc68cb0b56f702186cc4837d508058", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/be7b286d40bc68cb0b56f702186cc4837d508058" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-prcg-wp5q-rv7p", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-prcg-wp5q-rv7p" }, { "reference_url": "https://github.com/advisories/GHSA-wcv5-vrvr-3rx2", "reference_id": "GHSA-wcv5-vrvr-3rx2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wcv5-vrvr-3rx2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wcv5-vrvr-3rx2", "reference_id": "GHSA-wcv5-vrvr-3rx2", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wcv5-vrvr-3rx2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "GHSA-wcv5-vrvr-3rx2", "GMS-2022-50", "GMS-2022-53", "GMS-2022-56" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f9a1-y3bw-tkbh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35993?format=api", "vulnerability_id": "VCID-g3tv-ra2y-hqdn", "summary": "Tensorflow is an Open Source Machine Learning Framework. The estimator for the cost of some convolution operations can be made to execute a division by 0. The function fails to check that the stride argument is strictly positive. Hence, the fix is to add a check for the stride argument to ensure it is valid. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21725", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44622", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44677", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44699", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44691", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21725" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-49.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-49.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-104.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-104.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/ffa202a17ab7a4a10182b746d230ea66f021fe16/tensorflow/core/grappler/costs/op_level_cost_estimator.cc#L189-L198", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:17Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/ffa202a17ab7a4a10182b746d230ea66f021fe16/tensorflow/core/grappler/costs/op_level_cost_estimator.cc#L189-L198" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/3218043d6d3a019756607643cf65574fbfef5d7a", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:17Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/3218043d6d3a019756607643cf65574fbfef5d7a" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v3f7-j968-4h5f", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:17Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v3f7-j968-4h5f" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21725", "reference_id": "CVE-2022-21725", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21725" }, { "reference_url": "https://github.com/advisories/GHSA-v3f7-j968-4h5f", "reference_id": "GHSA-v3f7-j968-4h5f", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v3f7-j968-4h5f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-21725", "CVE-2022-21725", "GHSA-v3f7-j968-4h5f", "PYSEC-2022-104", "PYSEC-2022-49" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g3tv-ra2y-hqdn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36028?format=api", "vulnerability_id": "VCID-g5tz-zaxw-cfa2", "summary": "Tensorflow is an Open Source Machine Learning Framework. A `GraphDef` from a TensorFlow `SavedModel` can be maliciously altered to cause a TensorFlow process to crash due to encountering a `StatusOr` value that is an error and forcibly extracting the value from it. We have patched the issue in multiple GitHub commits and these will be included in TensorFlow 2.8.0 and TensorFlow 2.7.1, as both are affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23590", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.47099", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.47148", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.47166", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.47163", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23590" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-99.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-99.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-154.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-154.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/core/graph/graph.cc#L560-L567", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/core/graph/graph.cc#L560-L567" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/955059813cc325dc1db5e2daa6221271406d4439", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/955059813cc325dc1db5e2daa6221271406d4439" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pqrv-8r2f-7278", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pqrv-8r2f-7278" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23590", "reference_id": "CVE-2022-23590", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23590" }, { "reference_url": "https://github.com/advisories/GHSA-pqrv-8r2f-7278", "reference_id": "GHSA-pqrv-8r2f-7278", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pqrv-8r2f-7278" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23590", "CVE-2022-23590", "GHSA-pqrv-8r2f-7278", "PYSEC-2022-154", "PYSEC-2022-99" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g5tz-zaxw-cfa2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35989?format=api", "vulnerability_id": "VCID-g7mk-ddes-8fa8", "summary": "Tensorflow is an Open Source Machine Learning Framework. The implementation of `ThreadPoolHandle` can be used to trigger a denial of service attack by allocating too much memory. This is because the `num_threads` argument is only checked to not be negative, but there is no upper bound on its value. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21732", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44622", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44677", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44699", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44691", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21732" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-56.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-56.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-111.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-111.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/data/experimental/threadpool_dataset_op.cc#L79-L135", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T17:14:02Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/data/experimental/threadpool_dataset_op.cc#L79-L135" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/e3749a6d5d1e8d11806d4a2e9cc3123d1a90b75e", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T17:14:02Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/e3749a6d5d1e8d11806d4a2e9cc3123d1a90b75e" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c582-c96p-r5cq", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T17:14:02Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c582-c96p-r5cq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21732", "reference_id": "CVE-2022-21732", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21732" }, { "reference_url": "https://github.com/advisories/GHSA-c582-c96p-r5cq", "reference_id": "GHSA-c582-c96p-r5cq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c582-c96p-r5cq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-21732", "CVE-2022-21732", "GHSA-c582-c96p-r5cq", "PYSEC-2022-111", "PYSEC-2022-56" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g7mk-ddes-8fa8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35980?format=api", "vulnerability_id": "VCID-jgpf-xs7n-sbcn", "summary": "Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulnerable to an integer overflow weakness. The `axis` argument can be `-1` (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not checked, and, since the code computes `axis + 1`, an attacker can trigger an integer overflow. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21727", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.55103", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.55159", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.55168", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.55161", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21727" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-51.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-51.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-106.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-106.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/ops/array_ops.cc#L3001-L3034", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:29Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/ops/array_ops.cc#L3001-L3034" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/b64638ec5ccaa77b7c1eb90958e3d85ce381f91b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:29Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/b64638ec5ccaa77b7c1eb90958e3d85ce381f91b" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c6fh-56w7-fvjw", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:29Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c6fh-56w7-fvjw" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21727", "reference_id": "CVE-2022-21727", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21727" }, { "reference_url": "https://github.com/advisories/GHSA-c6fh-56w7-fvjw", "reference_id": "GHSA-c6fh-56w7-fvjw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c6fh-56w7-fvjw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-21727", "CVE-2022-21727", "GHSA-c6fh-56w7-fvjw", "PYSEC-2022-106", "PYSEC-2022-51" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jgpf-xs7n-sbcn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36009?format=api", "vulnerability_id": "VCID-jhq5-zhxm-a3ef", "summary": "Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that assertions in `function.cc` would be falsified and crash the Python interpreter. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23586", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53918", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53971", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53983", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53975", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23586" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-95.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-95.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-150.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-150.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/function.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:57Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/function.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/3d89911481ba6ebe8c88c1c0b595412121e6c645", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:57Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/3d89911481ba6ebe8c88c1c0b595412121e6c645" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/dcc21c7bc972b10b6fb95c2fb0f4ab5a59680ec2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:57Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/dcc21c7bc972b10b6fb95c2fb0f4ab5a59680ec2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-43jf-985q-588j", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:57Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-43jf-985q-588j" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23586", "reference_id": "CVE-2022-23586", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23586" }, { "reference_url": "https://github.com/advisories/GHSA-43jf-985q-588j", "reference_id": "GHSA-43jf-985q-588j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-43jf-985q-588j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23586", "CVE-2022-23586", "GHSA-43jf-985q-588j", "PYSEC-2022-150", "PYSEC-2022-95" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jhq5-zhxm-a3ef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36003?format=api", "vulnerability_id": "VCID-jpzs-vcck-6kce", "summary": "Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This is guarded by a `DCHECK`. However, `DCHECK` is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the dereferencing of the null pointer, whereas in the second case it results in a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23570", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00509", "scoring_system": "epss", "scoring_elements": "0.66693", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00509", "scoring_system": "epss", "scoring_elements": "0.66726", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00509", "scoring_system": "epss", "scoring_elements": "0.66741", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00509", "scoring_system": "epss", "scoring_elements": "0.66733", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23570" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-79.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-79.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-134.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-134.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/full_type_util.cc#L104-L106", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:57Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/full_type_util.cc#L104-L106" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/8a513cec4bec15961fbfdedcaa5376522980455c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:57Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/8a513cec4bec15961fbfdedcaa5376522980455c" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9p77-mmrw-69c7", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:57Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9p77-mmrw-69c7" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23570", "reference_id": "CVE-2022-23570", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23570" }, { "reference_url": "https://github.com/advisories/GHSA-9p77-mmrw-69c7", "reference_id": "GHSA-9p77-mmrw-69c7", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9p77-mmrw-69c7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23570", "CVE-2022-23570", "GHSA-9p77-mmrw-69c7", "PYSEC-2022-134", "PYSEC-2022-79" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jpzs-vcck-6kce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36000?format=api", "vulnerability_id": "VCID-me54-9e62-qfdt", "summary": "Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would trigger a division by zero in `BiasAndClamp` implementation. There is no check that the `bias_size` is non zero. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23557", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44622", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44677", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44699", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44691", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23557" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-66.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-66.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-121.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-121.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/lite/kernels/internal/common.h#L75", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:48Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/lite/kernels/internal/common.h#L75" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/8c6f391a2282684a25cbfec7687bd5d35261a209", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:48Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/8c6f391a2282684a25cbfec7687bd5d35261a209" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf2j-f278-xh4v", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:48Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf2j-f278-xh4v" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23557", "reference_id": "CVE-2022-23557", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23557" }, { "reference_url": "https://github.com/advisories/GHSA-gf2j-f278-xh4v", "reference_id": "GHSA-gf2j-f278-xh4v", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gf2j-f278-xh4v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23557", "CVE-2022-23557", "GHSA-gf2j-f278-xh4v", "PYSEC-2022-121", "PYSEC-2022-66" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-me54-9e62-qfdt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36026?format=api", "vulnerability_id": "VCID-mgvb-rccx-ffbz", "summary": "Tensorflow is an Open Source Machine Learning Framework. When building an XLA compilation cache, if default settings are used, TensorFlow triggers a null pointer dereference. In the default scenario, all devices are allowed, so `flr->config_proto` is `nullptr`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23595", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44694", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.4475", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.4477", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44764", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23595" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-103.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-103.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-158.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-158.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/compiler/jit/xla_platform_info.cc#L43-L104", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/compiler/jit/xla_platform_info.cc#L43-L104" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/e21af685e1828f7ca65038307df5cc06de4479e8", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/e21af685e1828f7ca65038307df5cc06de4479e8" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fpcp-9h7m-ffpx", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fpcp-9h7m-ffpx" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23595", "reference_id": "CVE-2022-23595", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23595" }, { "reference_url": "https://github.com/advisories/GHSA-fpcp-9h7m-ffpx", "reference_id": "GHSA-fpcp-9h7m-ffpx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fpcp-9h7m-ffpx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23595", "CVE-2022-23595", "GHSA-fpcp-9h7m-ffpx", "PYSEC-2022-103", "PYSEC-2022-158" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mgvb-rccx-ffbz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36014?format=api", "vulnerability_id": "VCID-mka4-sg7r-v3am", "summary": "Tensorflow is an Open Source Machine Learning Framework. There is a typo in TensorFlow's `SpecializeType` which results in heap OOB read/write. Due to a typo, `arg` is initialized to the `i`th mutable argument in a loop where the loop index is `j`. Hence it is possible to assign to `arg` from outside the vector of arguments. Since this is a mutable proto value, it allows both read and write to outside of bounds data. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23574", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.53171", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.53223", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.53241", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.53233", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23574" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-83.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-83.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-138.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-138.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/full_type_util.cc#L81-L102", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:49Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/full_type_util.cc#L81-L102" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/0657c83d08845cc434175934c642299de2c0f042", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:49Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/0657c83d08845cc434175934c642299de2c0f042" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-77gp-3h4r-6428", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:49Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-77gp-3h4r-6428" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23574", "reference_id": "CVE-2022-23574", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23574" }, { "reference_url": "https://github.com/advisories/GHSA-77gp-3h4r-6428", "reference_id": "GHSA-77gp-3h4r-6428", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-77gp-3h4r-6428" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23574", "CVE-2022-23574", "GHSA-77gp-3h4r-6428", "PYSEC-2022-138", "PYSEC-2022-83" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mka4-sg7r-v3am" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36011?format=api", "vulnerability_id": "VCID-n8yf-dh79-83gt", "summary": "Tensorflow is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling `png::CommonInitDecode(..., &decode)`, the `decode` value contains allocated buffers which can only be freed by calling `png::CommonFreeDecode(&decode)`. However, several error case in the function implementation invoke the `OP_REQUIRES` macro which immediately terminates the execution of the function, without allowing for the memory free to occur. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23585", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.71392", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.7142", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.71443", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.71436", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23585" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-94.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-94.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-149.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-149.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/kernels/image/decode_image_op.cc#L322-L416", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:17Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/kernels/image/decode_image_op.cc#L322-L416" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/ab51e5b813573dc9f51efa335aebcf2994125ee9", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:17Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/ab51e5b813573dc9f51efa335aebcf2994125ee9" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fq6p-6334-8gr4", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:17Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fq6p-6334-8gr4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23585", "reference_id": "CVE-2022-23585", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23585" }, { "reference_url": "https://github.com/advisories/GHSA-fq6p-6334-8gr4", "reference_id": "GHSA-fq6p-6334-8gr4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fq6p-6334-8gr4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23585", "CVE-2022-23585", "GHSA-fq6p-6334-8gr4", "PYSEC-2022-149", "PYSEC-2022-94" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n8yf-dh79-83gt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35995?format=api", "vulnerability_id": "VCID-nu75-chwt-fkdp", "summary": "Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseCountSparseOutput` can be made to crash a TensorFlow process by an integer overflow whose result is then used in a memory allocation. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21738", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44691", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44677", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44699", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44622", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21738" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-62.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-62.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-117.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-117.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/count_ops.cc#L168-L273", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:09Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/count_ops.cc#L168-L273" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/6f4d3e8139ec724dbbcb40505891c81dd1052c4a", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:09Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/6f4d3e8139ec724dbbcb40505891c81dd1052c4a" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x4qx-4fjv-hmw6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:09Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x4qx-4fjv-hmw6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21738", "reference_id": "CVE-2022-21738", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21738" }, { "reference_url": "https://github.com/advisories/GHSA-x4qx-4fjv-hmw6", "reference_id": "GHSA-x4qx-4fjv-hmw6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x4qx-4fjv-hmw6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-21738", "CVE-2022-21738", "GHSA-x4qx-4fjv-hmw6", "PYSEC-2022-117", "PYSEC-2022-62" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nu75-chwt-fkdp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35996?format=api", "vulnerability_id": "VCID-psey-gff8-nyg8", "summary": "Tensorflow is an Open Source Machine Learning Framework. The implementation of `*Bincount` operations allows malicious users to cause denial of service by passing in arguments which would trigger a `CHECK`-fail. There are several conditions that the input arguments must satisfy. Some are not caught during shape inference and others are not caught during kernel implementation. This results in `CHECK` failures later when the output tensors get allocated. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21737", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44622", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44677", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44699", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44691", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21737" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-61.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-61.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-116.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-116.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/bincount_op.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/bincount_op.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/7019ce4f68925fd01cdafde26f8d8c938f47e6f9", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/7019ce4f68925fd01cdafde26f8d8c938f47e6f9" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f2vv-v9cg-qhh7", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f2vv-v9cg-qhh7" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21737", "reference_id": "CVE-2022-21737", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21737" }, { "reference_url": "https://github.com/advisories/GHSA-f2vv-v9cg-qhh7", "reference_id": "GHSA-f2vv-v9cg-qhh7", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f2vv-v9cg-qhh7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-21737", "CVE-2022-21737", "GHSA-f2vv-v9cg-qhh7", "PYSEC-2022-116", "PYSEC-2022-61" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-psey-gff8-nyg8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35988?format=api", "vulnerability_id": "VCID-pve4-4466-tqah", "summary": "Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `ConcatV2` can be used to trigger a denial of service attack via a segfault caused by a type confusion. The `axis` argument is translated into `concat_dim` in the `ConcatShapeHelper` helper function. Then, a value for `min_rank` is computed based on `concat_dim`. This is then used to validate that the `values` tensor has at least the required rank. However, `WithRankAtLeast` receives the lower bound as a 64-bits value and then compares it against the maximum 32-bits integer value that could be represented. Due to the fact that `min_rank` is a 32-bits value and the value of `axis`, the `rank` argument is a negative value, so the error check is bypassed. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21731", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53918", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53971", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53983", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53975", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21731" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-55.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-55.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-110.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-110.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/framework/common_shape_fns.cc#L1961-L2059", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/framework/common_shape_fns.cc#L1961-L2059" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/framework/shape_inference.cc#L345-L358", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/framework/shape_inference.cc#L345-L358" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/08d7b00c0a5a20926363849f611729f53f3ec022", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/08d7b00c0a5a20926363849f611729f53f3ec022" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m4hf-j54p-p353", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m4hf-j54p-p353" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21731", "reference_id": "CVE-2022-21731", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21731" }, { "reference_url": "https://github.com/advisories/GHSA-m4hf-j54p-p353", "reference_id": "GHSA-m4hf-j54p-p353", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m4hf-j54p-p353" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-21731", "CVE-2022-21731", "GHSA-m4hf-j54p-p353", "PYSEC-2022-110", "PYSEC-2022-55" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pve4-4466-tqah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35992?format=api", "vulnerability_id": "VCID-rapw-1955-2ydq", "summary": "Tensorflow is an Open Source Machine Learning Framework. The implementation of `MapStage` is vulnerable a `CHECK`-fail if the key tensor is not a scalar. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21734", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44622", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44677", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44699", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44691", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21734" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-58.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-58.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-113.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-113.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/map_stage_op.cc#L519-L550", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:12Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/map_stage_op.cc#L519-L550" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/f57315566d7094f322b784947093406c2aea0d7d", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:12Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/f57315566d7094f322b784947093406c2aea0d7d" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gcvh-66ff-4mwm", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:12Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gcvh-66ff-4mwm" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21734", "reference_id": "CVE-2022-21734", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21734" }, { "reference_url": "https://github.com/advisories/GHSA-gcvh-66ff-4mwm", "reference_id": "GHSA-gcvh-66ff-4mwm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gcvh-66ff-4mwm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-21734", "CVE-2022-21734", "GHSA-gcvh-66ff-4mwm", "PYSEC-2022-113", "PYSEC-2022-58" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rapw-1955-2ydq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35984?format=api", "vulnerability_id": "VCID-rgat-jz7g-5qgd", "summary": "Tensorflow is an Open Source Machine Learning Framework. The implementation of `StringNGrams` can be used to trigger a denial of service attack by causing an out of memory condition after an integer overflow. We are missing a validation on `pad_witdh` and that result in computing a negative value for `ngram_width` which is later used to allocate parts of the output. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21733", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46152", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46201", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46221", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46219", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21733" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-57.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-57.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-112.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-112.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/string_ngrams_op.cc#L29-L161", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:28Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/string_ngrams_op.cc#L29-L161" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/f68fdab93fb7f4ddb4eb438c8fe052753c9413e8", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:28Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/f68fdab93fb7f4ddb4eb438c8fe052753c9413e8" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-98j8-c9q4-r38g", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:28Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-98j8-c9q4-r38g" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21733", "reference_id": "CVE-2022-21733", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21733" }, { "reference_url": "https://github.com/advisories/GHSA-98j8-c9q4-r38g", "reference_id": "GHSA-98j8-c9q4-r38g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-98j8-c9q4-r38g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-21733", "CVE-2022-21733", "GHSA-98j8-c9q4-r38g", "PYSEC-2022-112", "PYSEC-2022-57" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rgat-jz7g-5qgd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36032?format=api", "vulnerability_id": "VCID-rz3q-tnf3-mygj", "summary": "Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that `TensorByteSize` would trigger `CHECK` failures. `TensorShape` constructor throws a `CHECK`-fail if shape is partial or has a number of elements that would overflow the size of an `int`. The `PartialTensorShape` constructor instead does not cause a `CHECK`-abort if the shape is partial, which is exactly what this function needs to be able to return `-1`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23582", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44691", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44677", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44699", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44622", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23582" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-91.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-91.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-146.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-146.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/attr_value_util.cc#L46-L50", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/attr_value_util.cc#L46-L50" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/c2426bba00a01de6913738df8fa78e0215fcce02", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/c2426bba00a01de6913738df8fa78e0215fcce02" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4j82-5ccr-4r8v", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4j82-5ccr-4r8v" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23582", "reference_id": "CVE-2022-23582", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23582" }, { "reference_url": "https://github.com/advisories/GHSA-4j82-5ccr-4r8v", "reference_id": "GHSA-4j82-5ccr-4r8v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4j82-5ccr-4r8v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23582", "CVE-2022-23582", "GHSA-4j82-5ccr-4r8v", "PYSEC-2022-146", "PYSEC-2022-91" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rz3q-tnf3-mygj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35999?format=api", "vulnerability_id": "VCID-sb76-qn7q-2ben", "summary": "Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseCountSparseOutput` is vulnerable to a heap overflow. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21740", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54753", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54815", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54821", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54811", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21740" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-64.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-64.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-119.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-119.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/count_ops.cc#L168-L273", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/count_ops.cc#L168-L273" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/2b7100d6cdff36aa21010a82269bc05a6d1cc74a", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/2b7100d6cdff36aa21010a82269bc05a6d1cc74a" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/adbbabdb0d3abb3cdeac69e38a96de1d678b24b3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/adbbabdb0d3abb3cdeac69e38a96de1d678b24b3" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-44qp-9wwf-734r", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-44qp-9wwf-734r" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21740", "reference_id": "CVE-2022-21740", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21740" }, { "reference_url": "https://github.com/advisories/GHSA-44qp-9wwf-734r", "reference_id": "GHSA-44qp-9wwf-734r", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-44qp-9wwf-734r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-21740", "CVE-2022-21740", "GHSA-44qp-9wwf-734r", "PYSEC-2022-119", "PYSEC-2022-64" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sb76-qn7q-2ben" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36008?format=api", "vulnerability_id": "VCID-sney-upy2-cub5", "summary": "Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in `TfLiteIntArrayCreate`. The `TfLiteIntArrayGetSizeInBytes` returns an `int` instead of a `size_t. An attacker can control model inputs such that `computed_size` overflows the size of `int` datatype. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23558", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.60366", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.60404", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.60416", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.60412", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23558" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-67.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-67.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-122.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-122.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/c/common.c#L24-L33", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/c/common.c#L24-L33" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/c/common.c#L53-L60", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/c/common.c#L53-L60" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/a1e1511dde36b3f8aa27a6ec630838e7ea40e091", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/a1e1511dde36b3f8aa27a6ec630838e7ea40e091" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9gwq-6cwj-47h3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9gwq-6cwj-47h3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23558", "reference_id": "CVE-2022-23558", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23558" }, { "reference_url": "https://github.com/advisories/GHSA-9gwq-6cwj-47h3", "reference_id": "GHSA-9gwq-6cwj-47h3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9gwq-6cwj-47h3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23558", "CVE-2022-23558", "GHSA-9gwq-6cwj-47h3", "PYSEC-2022-122", "PYSEC-2022-67" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sney-upy2-cub5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36024?format=api", "vulnerability_id": "VCID-t3m9-6h7k-9uax", "summary": "Tensorflow is an Open Source Machine Learning Framework. The `GraphDef` format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a `GraphDef` containing a fragment such as the following can be consumed when loading a `SavedModel`. This would result in a stack overflow during execution as resolving each `NodeDef` means resolving the function itself and its nodes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23591", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56629", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56641", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56634", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56583", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23591" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-100.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-100.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-155.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-155.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/448a16182065bd08a202d9057dd8ca541e67996c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:48Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/448a16182065bd08a202d9057dd8ca541e67996c" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-247x-2f9f-5wp7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:48Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-247x-2f9f-5wp7" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23591", "reference_id": "CVE-2022-23591", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23591" }, { "reference_url": "https://github.com/advisories/GHSA-247x-2f9f-5wp7", "reference_id": "GHSA-247x-2f9f-5wp7", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-247x-2f9f-5wp7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23591", "CVE-2022-23591", "GHSA-247x-2f9f-5wp7", "PYSEC-2022-100", "PYSEC-2022-155" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t3m9-6h7k-9uax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36021?format=api", "vulnerability_id": "VCID-tdw3-fns6-6baz", "summary": "Tensorflow is an Open Source Machine Learning Framework. When decoding a resource handle tensor from protobuf, a TensorFlow process can encounter cases where a `CHECK` assertion is invalidated based on user controlled arguments. This allows attackers to cause denial of services in TensorFlow processes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23564", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30194", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30225", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30261", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30187", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23564" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-73.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-73.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-128.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-128.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/14fea662350e7c26eb5fe1be2ac31704e5682ee6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:11:10Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/14fea662350e7c26eb5fe1be2ac31704e5682ee6" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8rcj-c8pj-v3m3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:11:10Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8rcj-c8pj-v3m3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23564", "reference_id": "CVE-2022-23564", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23564" }, { "reference_url": "https://github.com/advisories/GHSA-8rcj-c8pj-v3m3", "reference_id": "GHSA-8rcj-c8pj-v3m3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8rcj-c8pj-v3m3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23564", "CVE-2022-23564", "GHSA-8rcj-c8pj-v3m3", "PYSEC-2022-128", "PYSEC-2022-73" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tdw3-fns6-6baz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35997?format=api", "vulnerability_id": "VCID-u197-te8d-jydm", "summary": "Tensorflow is an Open Source Machine Learning Framework. The implementation of `QuantizedMaxPool` has an undefined behavior where user controlled inputs can trigger a reference binding to null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21739", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.4475", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.4477", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44764", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44694", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21739" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-63.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-63.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-118.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-118.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/quantized_pooling_ops.cc#L114-L130", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/quantized_pooling_ops.cc#L114-L130" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/53b0dd6dc5957652f35964af16b892ec9af4a559", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/53b0dd6dc5957652f35964af16b892ec9af4a559" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3mw4-6rj6-74g5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3mw4-6rj6-74g5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21739", "reference_id": "CVE-2022-21739", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21739" }, { "reference_url": "https://github.com/advisories/GHSA-3mw4-6rj6-74g5", "reference_id": "GHSA-3mw4-6rj6-74g5", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3mw4-6rj6-74g5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-21739", "CVE-2022-21739", "GHSA-3mw4-6rj6-74g5", "PYSEC-2022-118", "PYSEC-2022-63" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u197-te8d-jydm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35983?format=api", "vulnerability_id": "VCID-vfkq-sva3-nybz", "summary": "Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `ReverseSequence` does not fully validate the value of `batch_dim` and can result in a heap OOB read. There is a check to make sure the value of `batch_dim` does not go over the rank of the input, but there is no check for negative values. Negative dimensions are allowed in some cases to mimic Python's negative indexing (i.e., indexing from the end of the array), however if the value is too negative then the implementation of `Dim` would access elements before the start of an array. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21728", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.78166", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.7819", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.782", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.78192", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21728" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-52.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-52.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-107.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-107.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/framework/shape_inference.h#L415-L428", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/framework/shape_inference.h#L415-L428" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/ops/array_ops.cc#L1636-L1671", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/ops/array_ops.cc#L1636-L1671" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/37c01fb5e25c3d80213060460196406c43d31995", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/37c01fb5e25c3d80213060460196406c43d31995" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6gmv-pjp9-p8w8", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6gmv-pjp9-p8w8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21728", "reference_id": "CVE-2022-21728", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21728" }, { "reference_url": "https://github.com/advisories/GHSA-6gmv-pjp9-p8w8", "reference_id": "GHSA-6gmv-pjp9-p8w8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6gmv-pjp9-p8w8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-21728", "CVE-2022-21728", "GHSA-6gmv-pjp9-p8w8", "PYSEC-2022-107", "PYSEC-2022-52" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vfkq-sva3-nybz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36018?format=api", "vulnerability_id": "VCID-w1s8-6nq3-4bgp", "summary": "Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that any binary op would trigger `CHECK` failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the `dtype` no longer matches the `dtype` expected by the op. In that case, calling the templated binary operator for the binary op would receive corrupted data, due to the type confusion involved. If `Tin` and `Tout` don't match the type of data in `out` and `input_*` tensors then `flat<*>` would interpret it wrongly. In most cases, this would be a silent failure, but we have noticed scenarios where this results in a `CHECK` crash, hence a denial of service. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23583", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.52107", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.52155", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.52175", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.52167", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23583" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-92.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-92.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-147.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-147.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/kernels/cwise_ops_common.h#L88-L137", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:02Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/kernels/cwise_ops_common.h#L88-L137" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/a7c02f1a9bbc35473969618a09ee5f9f5d3e52d9", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:02Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/a7c02f1a9bbc35473969618a09ee5f9f5d3e52d9" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gjqc-q9g6-q2j3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:02Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gjqc-q9g6-q2j3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23583", "reference_id": "CVE-2022-23583", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23583" }, { "reference_url": "https://github.com/advisories/GHSA-gjqc-q9g6-q2j3", "reference_id": "GHSA-gjqc-q9g6-q2j3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gjqc-q9g6-q2j3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23583", "CVE-2022-23583", "GHSA-gjqc-q9g6-q2j3", "PYSEC-2022-147", "PYSEC-2022-92" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w1s8-6nq3-4bgp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36017?format=api", "vulnerability_id": "VCID-xftt-xdnj-fuhd", "summary": "Tensorflow is an Open Source Machine Learning Framework. The implementation of `GetInitOp` is vulnerable to a crash caused by dereferencing a null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23577", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44694", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.4475", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.4477", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44764", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23577" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-86.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-86.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-141.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-141.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/cc/saved_model/loader_util.cc#L31-L61", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:02Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/cc/saved_model/loader_util.cc#L31-L61" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/4f38b1ac8e42727e18a2f0bde06d3bee8e77b250", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:02Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/4f38b1ac8e42727e18a2f0bde06d3bee8e77b250" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8cxv-76p7-jxwr", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:02Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8cxv-76p7-jxwr" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23577", "reference_id": "CVE-2022-23577", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23577" }, { "reference_url": "https://github.com/advisories/GHSA-8cxv-76p7-jxwr", "reference_id": "GHSA-8cxv-76p7-jxwr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8cxv-76p7-jxwr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23577", "CVE-2022-23577", "GHSA-8cxv-76p7-jxwr", "PYSEC-2022-141", "PYSEC-2022-86" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xftt-xdnj-fuhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36013?format=api", "vulnerability_id": "VCID-yv3z-fhhz-9fa4", "summary": "Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateOutputSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve tensors with large enough number of elements. We can have a large enough number of dimensions in `output_shape.dim()` or just a small number of dimensions being large enough to cause an overflow in the multiplication. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23576", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44622", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44677", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44699", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44691", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23576" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-85.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-85.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-140.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-140.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/costs/op_level_cost_estimator.cc#L1598-L1617", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:40Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/costs/op_level_cost_estimator.cc#L1598-L1617" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/b9bd6cfd1c50e6807846af9a86f9b83cafc9c8ae", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:40Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/b9bd6cfd1c50e6807846af9a86f9b83cafc9c8ae" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wm93-f238-7v37", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:40Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wm93-f238-7v37" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23576", "reference_id": "CVE-2022-23576", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23576" }, { "reference_url": "https://github.com/advisories/GHSA-wm93-f238-7v37", "reference_id": "GHSA-wm93-f238-7v37", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wm93-f238-7v37" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23576", "CVE-2022-23576", "GHSA-wm93-f238-7v37", "PYSEC-2022-140", "PYSEC-2022-85" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yv3z-fhhz-9fa4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35982?format=api", "vulnerability_id": "VCID-z8wr-n2z5-pffq", "summary": "Tensorflow is an Open Source Machine Learning Framework. The implementation of `FractionalAvgPoolGrad` does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21730", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54967", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.55024", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.55033", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.55025", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21730" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-54.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-54.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-109.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-109.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/fractional_avg_pool_op.cc#L209-L360", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:34Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/fractional_avg_pool_op.cc#L209-L360" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/002408c3696b173863228223d535f9de72a101a9", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:34Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/002408c3696b173863228223d535f9de72a101a9" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vjg4-v33c-ggc4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:34Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vjg4-v33c-ggc4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21730", "reference_id": "CVE-2022-21730", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21730" }, { "reference_url": "https://github.com/advisories/GHSA-vjg4-v33c-ggc4", "reference_id": "GHSA-vjg4-v33c-ggc4", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vjg4-v33c-ggc4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-21730", "CVE-2022-21730", "GHSA-vjg4-v33c-ggc4", "PYSEC-2022-109", "PYSEC-2022-54" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z8wr-n2z5-pffq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35991?format=api", "vulnerability_id": "VCID-zfuy-5852-fug5", "summary": "Tensorflow is an Open Source Machine Learning Framework. Multiple operations in TensorFlow can be used to trigger a denial of service via `CHECK`-fails (i.e., assertion failures). This is similar to TFSA-2021-198 and has similar fixes. We have patched the reported issues in multiple GitHub commits. It is possible that other similar instances exist in TensorFlow, we will issue fixes as these are discovered. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23569", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30187", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30194", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30225", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30261", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23569" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-78.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-78.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-133.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-133.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:46:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qj5r-f9mv-rffh", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:46:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qj5r-f9mv-rffh" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23569", "reference_id": "CVE-2022-23569", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23569" }, { "reference_url": "https://github.com/advisories/GHSA-qj5r-f9mv-rffh", "reference_id": "GHSA-qj5r-f9mv-rffh", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qj5r-f9mv-rffh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23569", "CVE-2022-23569", "GHSA-qj5r-f9mv-rffh", "PYSEC-2022-133", "PYSEC-2022-78" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zfuy-5852-fug5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35986?format=api", "vulnerability_id": "VCID-zj5j-12r4-4bhp", "summary": "Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseTensorSliceDataset` has an undefined behavior: under certain condition it can be made to dereference a `nullptr` value. The 3 input arguments to `SparseTensorSliceDataset` represent a sparse tensor. However, there are some preconditions that these arguments must satisfy but these are not validated in the implementation. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21736", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56269", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56318", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56332", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56325", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21736" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-60.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-60.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-115.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-115.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/data/sparse_tensor_slice_dataset_op.cc#L227-L292", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:19Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/data/sparse_tensor_slice_dataset_op.cc#L227-L292" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/965b97e4a9650495cda5a8c210ef6684b4b9eceb", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:19Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/965b97e4a9650495cda5a8c210ef6684b4b9eceb" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pfjj-m3jj-9jc9", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:19Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pfjj-m3jj-9jc9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21736", "reference_id": "CVE-2022-21736", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21736" }, { "reference_url": "https://github.com/advisories/GHSA-pfjj-m3jj-9jc9", "reference_id": "GHSA-pfjj-m3jj-9jc9", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pfjj-m3jj-9jc9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-21736", "CVE-2022-21736", "GHSA-pfjj-m3jj-9jc9", "PYSEC-2022-115", "PYSEC-2022-60" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zj5j-12r4-4bhp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36001?format=api", "vulnerability_id": "VCID-zztr-pqqn-w7fd", "summary": "Tensorflow is an Open Source Machine Learning Framework. The implementation of `Range` suffers from integer overflows. These can trigger undefined behavior or, in some scenarios, extremely large allocations. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23562", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58553", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58507", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58555", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58562", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23562" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-71.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-71.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-126.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-126.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/f0147751fd5d2ff23251149ebad9af9f03010732", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/f0147751fd5d2ff23251149ebad9af9f03010732" }, { "reference_url": "https://github.com/tensorflow/tensorflow/issues/52676", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/issues/52676" }, { "reference_url": "https://github.com/tensorflow/tensorflow/pull/51733", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/pull/51733" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qx3f-p745-w4hr", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qx3f-p745-w4hr" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23562", "reference_id": "CVE-2022-23562", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23562" }, { "reference_url": "https://github.com/advisories/GHSA-qx3f-p745-w4hr", "reference_id": "GHSA-qx3f-p745-w4hr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qx3f-p745-w4hr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26593?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26594?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26601?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" } ], "aliases": [ "BIT-tensorflow-2022-23562", "CVE-2022-23562", "GHSA-qx3f-p745-w4hr", "PYSEC-2022-126", "PYSEC-2022-71" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zztr-pqqn-w7fd" } ], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.1" }